PT-2022-3643 · Fortinet · Fortinac

Valentin Allaire · Published 2022-07-05 · Updated 2023-02-16 · CVE-2022-26117

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FortiNAC versions 8.3.7 and below
FortiNAC versions 8.5.2 and below
FortiNAC versions 8.5.4
FortiNAC version 8.6.0
FortiNAC versions 8.6.5 and below
FortiNAC versions 8.7.6 and below
FortiNAC versions 8.8.11 and below
FortiNAC versions 9.1.5 and below
FortiNAC versions 9.2.3 and below

Description

The issue is related to an empty password in the configuration file, which may allow an authenticated attacker to access the MySQL databases via the command-line interface (CLI).

Recommendations

For each of the following, update the configuration file to include a secure password:

FortiNAC versions 8.3.7 and below
FortiNAC versions 8.5.2 and below
FortiNAC version 8.5.4
FortiNAC version 8.6.0
FortiNAC versions 8.6.5 and below
FortiNAC versions 8.7.6 and below
FortiNAC versions 8.8.11 and below
FortiNAC versions 9.1.5 and below
FortiNAC versions 9.2.3 and below

Fix

Weakness Enumeration

Related Identifiers

BDU:2022-04428
CVE-2022-26117
GHSA-R259-5P5P-2Q47

Affected Products

Fortinac