An improper authorization vulnerability [CWE-285] in FortiNAC may allow an unauthenticated attacker to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests.
Affected ProductsFortiNAC version 9.4.0 through 9.4.1
FortiNAC version 9.2.0 through 9.2.6
Please upgrade to FortiNAC-F version 7.2.0 or above
Please upgrade to FortiNAC version 9.4.2 or above
Please upgrade to FortiNAC version 9.2.7 or above