PT-2023-3426 · Fortinet · FortiNAC

Published 2023-06-12 · Updated 2023-06-17 · CVE-2023-22633

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
FortiNAC versions 7.2.0, 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0, 8.7.0

Description
An improper permissions, privileges and access controls issue in FortiNAC allows an unauthenticated remote attacker to cause a denial of service (DoS) on the device via client-secure renegotiation. No credentials are needed, and the CVSS vector (AV:N/AC:L/Au:N, C:N/I:N/A:C) records no confidentiality or integrity impact: the effect is on availability alone. This is the classic renegotiation DoS pattern: because a TLS renegotiation repeats the server's expensive handshake work, a single client that keeps requesting renegotiation on an already open connection can exhaust the listener's CPU while spending very little bandwidth of its own. The advisory does not identify which FortiNAC service exposes the behaviour, so treat every TLS listener on the appliance as in scope until it is patched.

Recommendations
Upgrade to a release that contains the fix: FortiNAC 7.2.0 to a fixed 7.2 release, and 9.4.1 and below, 9.2.6 and below, and 9.1.8 and below to the first fixed release of the respective 9.4, 9.2 or 9.1 branch (the vendor's advisory lists the exact version numbers). For 8.8.0 and 8.7.0 this page lists no fixed version; until one is available, restrict network access to the affected TLS listeners to trusted administrative networks. As a temporary workaround, disable client-initiated renegotiation on the affected service where the platform allows it; this removes the primitive the attack relies on and does not affect normal TLS clients, which never need to renegotiate. After patching or applying the workaround, confirm that the endpoint actually refuses a client-initiated renegotiation instead of assuming the change took effect.
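The verification step above can be scripted with openssl s_client, whose 'R' command asks the server for a renegotiation. The following is an added example, not part of the advisory or of any Fortinet tooling; it assumes openssl(1) is on PATH, the host name and port are placeholders you supply, and the output classification is a heuristic based on the text s_client prints (a refused renegotiation shows an alert after the RENEGOTIATING marker, an accepted one re-runs certificate verification).

```shell
#!/bin/sh
# Added example (not from the advisory): probe whether a TLS endpoint accepts
# client-initiated renegotiation, the primitive this DoS relies on.
# Assumes openssl(1) is on PATH; host and port are placeholders you supply.

# Classify the text openssl s_client prints after its 'R' (renegotiate) command.
# Heuristic (assumption, not an OpenSSL API): a refused renegotiation shows an
# alert after the RENEGOTIATING marker; an accepted one re-runs certificate
# verification, so "verify return:" appears again after the marker.
# Prints one of: accepted, refused, unknown.
classify_renego() {
    out="$1"
    case "$out" in
        *RENEGOTIATING*"no renegotiation"*|*RENEGOTIATING*"handshake failure"*|*RENEGOTIATING*"alert read:fatal"*)
            echo refused ;;
        *RENEGOTIATING*"verify return:"*)
            echo accepted ;;
        *)
            echo unknown ;;
    esac
}

# Connect, let the first handshake finish, then send 'R' to request a
# renegotiation and 'Q' to close. The sleeps give s_client time to print the
# result of each step before the next command arrives on its stdin.
# -tls1_2 is deliberate: renegotiation only exists in TLS 1.2 and earlier
# (TLS 1.3 removed it), so a 1.3 session would not exercise the bug.
probe_renego() {
    host="$1"
    port="${2:-443}"
    out=$( { sleep 2; printf 'R\n'; sleep 2; printf 'Q\n'; } \
          | openssl s_client -connect "$host:$port" -servername "$host" -tls1_2 2>&1 )
    classify_renego "$out"
}

# Usage (network call, not run here):
#   probe_renego nac.example.test 8443
# "accepted" means the listener still honours client-initiated renegotiation
# and the workaround has not taken effect; "refused" is the desired state.
```

Run it against every TLS port the appliance exposes, not only the management UI, since the advisory does not say which service is affected; an "unknown" result usually means the server does not offer TLS 1.2 on that port or the connection failed before the renegotiation was attempted, and is worth inspecting by hand.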

Weakness Enumeration

Related Identifiers

BDU:2023-03605
CVE-2023-22633

Affected Products

FortiNAC