PT-2023-14409 · Fortinet · Fortinac-F+1

Published: 2023-05-03 · Updated: 2023-05-11 · CVE-2022-43950

CVSS v3.1: 4.7 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

FortiNAC-F version 7.2.0
FortiNAC versions 9.4.1 and below
FortiNAC versions 9.2 and earlier
FortiNAC versions 8.8 and earlier
FortiNAC versions 8.7 and earlier

Description

A URL redirection to untrusted site ('Open Redirect') issue may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL.

Recommendations

For FortiNAC-F version 7.2.0, consider disabling URL redirection functionality until a patch is available.
For FortiNAC versions 9.4.1 and below, restrict access to crafted URLs to minimize the risk of exploitation.
For FortiNAC versions 9.2 and earlier, avoid using URLs that may be redirected to untrusted sites.
For FortiNAC versions 8.8 and earlier, consider implementing additional security measures to prevent URL redirection attacks.
For FortiNAC versions 8.7 and earlier, restrict user access to URLs that may be vulnerable to redirection.

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2022-43950

Affected Products

Fortinac
Fortinac-F