An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attackerĀ authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Fortinac | Fortinet | 8.5.0 (including) | 8.5.4 (including) |
| Fortinac | Fortinet | 8.6.0 (including) | 8.6.5 (including) |
| Fortinac | Fortinet | 8.7.0 (including) | 8.7.6 (including) |
| Fortinac | Fortinet | 8.8.0 (including) | 8.8.11 (including) |
| Fortinac | Fortinet | 9.1.0 (including) | 9.1.10 (including) |
| Fortinac | Fortinet | 9.2.0 (including) | 9.2.8 (including) |
| Fortinac | Fortinet | 9.4.0 (including) | 9.4.0 (including) |
| Fortinac | Fortinet | 9.4.1 (including) | 9.4.1 (including) |
| Fortinac | Fortinet | 9.4.2 (including) | 9.4.2 (including) |