| IR Number | FG-IR-23-013 |
| Date | May 3, 2023 |
| Component | GUI |
| Severity |
Medium |
| CVSSv3 Score | 5.9 |
| Impact | Execute unauthorized code or commands |
| CVE ID | CVE-2023-22637 |
| Affected Products |
FortiNAC
:
9.4.2, 9.4.1, 9.4.0, 9.2.8, 9.2.7, 9.2.6, 9.2.5, 9.2.4, 9.2.3, 9.2.2, 9.2.1, 9.2.0, 9.1.9, 9.1.8, 9.1.7, 9.1.6, 9.1.5, 9.1.4, 9.1.3, 9.1.2, 9.1.10, 9.1.1, 9.1.0, 8.8.9, 8.8.8, 8.8.7, 8.8.6, 8.8.5, 8.8.4, 8.8.3, 8.8.2, 8.8.11, 8.8.10, 8.8.1, 8.8.0, 8.7.6, 8.7.5, 8.7.4, 8.7.3, 8.7.2, 8.7.1, 8.7.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiNAC - Stored XSS triggering RCE via license key forgery
Summary
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses.
Affected Products
FortiNAC-F version 7.2.0
FortiNAC version 9.4.0 through 9.4.2
FortiNAC 9.2 all versions
FortiNAC 9.1 all versions
FortiNAC 8.8 all versions
FortiNAC 8.7 all versions
Solutions
Please upgrade to FortiNAC-F version 7.2.1 or above
Please upgrade to FortiNAC version 9.4.3 or above