CVE-2022-40677

Name of the Vulnerable Software and Affected Versions Fortinet FortiNAC versions 8.3.7, 8.5.0 through 8.5.4, 8.6.0 through 8.6.5, 8.7.0 through 8.7.6, 8.8.0 through 8.8.11, 9.1.0 through 9.1.7, 9.2.0 through 9.2.5, 9.4.0

Description The issue is related to improper neutralization of argument delimiters in a command, also known as 'argument injection'. This allows an attacker to execute unauthorized code or commands via specially crafted input parameters.

Recommendations For Fortinet FortiNAC version 8.3.7, update to a fixed version. For Fortinet FortiNAC versions 8.5.0 through 8.5.4, update to a fixed version. For Fortinet FortiNAC versions 8.6.0 through 8.6.5, update to a fixed version. For Fortinet FortiNAC versions 8.7.0 through 8.7.6, update to a fixed version. For Fortinet FortiNAC versions 8.8.0 through 8.8.11, update to a fixed version. For Fortinet FortiNAC versions 9.1.0 through 9.1.7, update to a fixed version. For Fortinet FortiNAC versions 9.2.0 through 9.2.5, update to a fixed version. For Fortinet FortiNAC version 9.4.0, update to a fixed version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.