PT-2022-17684 · Fortinet · FortiNAC

Published: 2022-05-11 · Updated: 2022-05-18 · CVE-2022-26116

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

FortiNAC versions 8.3.7 and below
FortiNAC versions 8.5.2 and below
FortiNAC version 8.5.4
FortiNAC version 8.6.0
FortiNAC versions 8.6.5 and below
FortiNAC versions 8.7.6 and below
FortiNAC versions 8.8.11 and below
FortiNAC versions 9.1.5 and below
FortiNAC versions 9.2.2 and below

Description

The issue is related to improper neutralization of special elements used in SQL commands, also known as SQL injection. This may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted string parameters.

Recommendations

For FortiNAC versions 8.3.7 and below, update to a version above 8.3.7.
For FortiNAC versions 8.5.2 and below, update to a version above 8.5.2.
For FortiNAC version 8.5.4, update to a version above 8.5.4.
For FortiNAC version 8.6.0, update to a version above 8.6.0.
For FortiNAC versions 8.6.5 and below, update to a version above 8.6.5.
For FortiNAC versions 8.7.6 and below, update to a version above 8.7.6.
For FortiNAC versions 8.8.11 and below, update to a version above 8.8.11.
For FortiNAC versions 9.1.5 and below, update to a version above 9.1.5.
For FortiNAC versions 9.2.2 and below, update to a version above 9.2.2.

As a temporary workaround, consider restricting access to SQL commands to minimize the risk of exploitation.

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2022-26116

Affected Products: FortiNAC