PT-2023-14786 · Fortinet · Fortinac-F+1

Published: 2023-05-03 · Updated: 2023-05-11 · CVE-2022-45860

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FortiNAC-F version 7.2.0
FortiNAC versions 9.4.2 and below
FortiNAC version 9.2 and earlier
FortiNAC version 9.1 and earlier
FortiNAC version 8.8 and earlier
FortiNAC version 8.7 and earlier

Description

A weak authentication issue in the device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success. This could potentially affect a large number of devices, but the exact number is not specified.

Recommendations

For FortiNAC-F version 7.2.0, update to a version that includes a fix for this issue.
For FortiNAC versions 9.4.2 and below, update to a version above 9.4.2 or apply the recommended fix.
For FortiNAC version 9.2 and earlier, update to a version later than 9.2.
For FortiNAC version 9.1 and earlier, update to a version later than 9.1.
For FortiNAC version 8.8 and earlier, update to a version later than 8.8.
For FortiNAC version 8.7 and earlier, update to a version later than 8.7.

As a temporary workaround, consider restricting access to the device registration page to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2022-45860

Affected Products

Fortinac
Fortinac-F