PT-2023-3764 · Fortinet · Fortinac

Published: 2023-06-12 · Updated: 2023-06-16 · CVE-2022-39946

CVSS v2.0: 8.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:P/A:P
Name of the Vulnerable Software and Affected Versions

- FortiNAC versions 9.4.2 and below
- FortiNAC versions 9.2.7 and below
- FortiNAC version 9.1 and all prior versions
- FortiNAC versions 8.8 and all prior versions
- FortiNAC versions 8.7 and all prior versions
- FortiNAC versions 8.6 and all prior versions
- FortiNAC versions 8.5 and all prior versions

Description

The issue is an improper access control vulnerability that may allow a remote attacker, authenticated on the administrative interface, to perform unauthorized JSP calls via crafted HTTP requests. Because the access control is inadequate, such an attacker can execute unauthorized actions.

Recommendations

- For FortiNAC versions 9.4.2 and below, consider restricting access to the administrative interface until a fix is available.
- For FortiNAC versions 9.2.7 and below, restrict access to the administrative interface to minimize the risk of exploitation.
- For FortiNAC version 9.1 and all prior versions, avoid using the administrative interface for sensitive operations until the issue is resolved.
- For FortiNAC versions 8.8 and all prior versions, consider disabling JSP calls from remote sources as a temporary workaround.
- For FortiNAC versions 8.7 and all prior versions, restrict access to the vulnerable interface to minimize the risk of exploitation.
- For FortiNAC versions 8.6 and all prior versions, avoid using crafted HTTP requests in the administrative interface until the issue is resolved.
- For FortiNAC versions 8.5 and all prior versions, consider implementing additional access control measures to prevent unauthorized JSP calls.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2023-04053
CVE-2022-39946

Affected Products

Fortinac