Fortinet · FortiNAC · CVE-2022-26117
**Name of the Vulnerable Software and Affected Versions**
FortiNAC versions 8.3.7 and below
FortiNAC versions 8.5.2 and below
FortiNAC version 8.5.4
FortiNAC version 8.6.0
FortiNAC versions 8.6.5 and below
FortiNAC versions 8.7.6 and below
FortiNAC versions 8.8.11 and below
FortiNAC versions 9.1.5 and below
FortiNAC versions 9.2.3 and below
**Description**
An empty password in the configuration file may allow an authenticated attacker to access the MySQL databases via the command-line interface (CLI).
**Recommendations**
For FortiNAC versions 8.3.7 and below, update the configuration file to include a secure password.
For FortiNAC versions 8.5.2 and below, update the configuration file to include a secure password.
For FortiNAC version 8.5.4, update the configuration file to include a secure password.
For FortiNAC version 8.6.0, update the configuration file to include a secure password.
For FortiNAC versions 8.6.5 and below, update the configuration file to include a secure password.
For FortiNAC versions 8.7.6 and below, update the configuration file to include a secure password.
For FortiNAC versions 8.8.11 and below, update the configuration file to include a secure password.
For FortiNAC versions 9.1.5 and below, update the configuration file to include a secure password.
For FortiNAC versions 9.2.3 and below, update the configuration file to include a secure password.