PT-2023-1683 · Fortinet · FortiNAC

Published: 2023-03-07 · Updated: 2023-03-14 · CVE-2022-39953

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: FortiNAC versions 8.3.7, 8.5, 8.6, 8.7, 8.8, 9.1.0 through 9.1.8, 9.2.0 through 9.2.6, 9.4.0 through 9.4.1

Description: The vulnerability stems from improper privilege management in Fortinet FortiNAC. Because of deficiencies in access control, an attacker can escalate privileges by issuing specially crafted commands.

Recommendations:
For FortiNAC version 8.3.7, consider disabling the vulnerable functionality until a patch is available.
For FortiNAC versions 8.5, 8.6, 8.7 and 8.8, restrict access to the affected components to minimize the risk of exploitation.
For FortiNAC versions 9.1.0 through 9.1.8, 9.2.0 through 9.2.6 and 9.4.0 through 9.4.1, avoid using specially crafted commands in the affected API endpoints until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Privilege Management

Related Identifiers

BDU:2023-01254
CVE-2022-39953

Affected Products

FortiNAC