PT-2023-1510 · Fortinet · FortiNAC

Published: 2023-02-15 · Updated: 2023-08-08 · CVE-2022-38375

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Fortinet FortiNAC versions 9.4.0 through 9.4.1
Fortinet FortiNAC versions prior to 9.2.6

Description
The vulnerability stems from improper authorization: an unauthenticated user can perform administrative operations by sending crafted HTTP POST requests. A remote attacker can potentially leverage this to execute arbitrary code.

Recommendations
For Fortinet FortiNAC versions 9.4.0 through 9.4.1, update to a version outside of this range to resolve the issue. For Fortinet FortiNAC versions prior to 9.2.6, update to version 9.2.6 or later to resolve the issue. As a temporary workaround, restrict access to the FortiNAC instance to minimize the risk of exploitation.

Fix

Weakness Enumeration: Improper Authorization

Related Identifiers
BDU:2023-00937
CVE-2022-38375

Affected Products
FortiNAC