CVE Vulnerabilities

CVE-2022-45859

Insufficiently Protected Credentials

Published: May 03, 2023 | Modified: Nov 07, 2023
CVSS 3.x
4.4
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users passwords.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software

Name Vendor Start Version End Version
Fortinac Fortinet 8.7.0 (including) 9.1.8 (including)
Fortinac Fortinet 9.2.0 (including) 9.2.7 (excluding)
Fortinac Fortinet 9.4.0 (including) 9.4.2 (excluding)
Fortinac-f Fortinet 7.2.0 (including) 7.2.0 (including)

Potential Mitigations

References