PT-2023-2527 · Fortinet · FortiNAC

Published 2023-04-11 · Updated 2023-04-18 · CVE-2022-43951

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FortiNAC versions 9.4.1 and below
FortiNAC versions 9.2.6 and below
FortiNAC versions 9.1.8 and below
FortiNAC versions 8.8.11 and below
FortiNAC versions 8.7.6 and below

Description

The issue is an exposure of sensitive information to an unauthorized actor, which may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests. It is caused by a lack of protection for service data.

Recommendations

For FortiNAC versions 9.4.1 and below, update to a version above 9.4.1 to resolve the issue.
For FortiNAC versions 9.2.6 and below, update to a version above 9.2.6 to resolve the issue.
For FortiNAC versions 9.1.8 and below, update to a version above 9.1.8 to resolve the issue.
For FortiNAC versions 8.8.11 and below, update to a version above 8.8.11 to resolve the issue.
For FortiNAC versions 8.7.6 and below, update to a version above 8.7.6 to resolve the issue.

As a temporary workaround until a patch is available, consider restricting HTTP access to the sensitive information.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2023-02326
CVE-2022-43951

Affected Products

FortiNAC