Lack of certificate validation
Summary
An improper certificate validation vulnerability [CWE-295] in FortiNAC-F may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F.
Version | Affected | Solution |
---|---|---|
FortiNAC-F 7.4 | Not affected | Not Applicable |
FortiNAC-F 7.2 | 7.2.0 through 7.2.4 | Upgrade to 7.2.5 or above |
Acknowledgement
Fortinet is pleased to thank Christian Hilgers from indevis for reporting this vulnerability under responsible disclosureTimeline
2024-04-09: Initial publication