PT-2023-2754 · Fortinet · Fortinac-F

Published: 2023-05-03 · Updated: 2023-05-11 · CVE-2022-45859

CVSS v3.1: 4.4 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FortiNAC versions 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0, 8.7.0
FortiNAC-F version 7.2.0

Description

The issue is related to insufficient protection of credentials when handling the /etc/shadow password file, which may allow an attacker to gain unauthorized access to protected information. A local attacker with system access may retrieve users' passwords due to an insufficiently protected credentials vulnerability.

Recommendations

For FortiNAC versions 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0, 8.7.0, and FortiNAC-F version 7.2.0, consider restricting access to the /etc/shadow file until a patch is available. As a temporary workaround, limit system access to authorized personnel only to minimize the risk of exploitation. Avoid using the password variable in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

BDU:2023-02602
CVE-2022-45859

Affected Products

Fortinac
Fortinac-F