PT-2023-7377 · Fortinet · Fortinac-F, Fortinac

Published: 2023-05-03 · Updated: 2023-05-09 · CVE-2023-22637

CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

FortiNAC-F version 7.2.0
FortiNAC versions 9.4.2 and below
FortiNAC versions 9.2 and earlier
FortiNAC versions 9.1 and earlier
FortiNAC versions 8.8 and earlier
FortiNAC versions 8.7 and earlier

Description

The vulnerability is an improper neutralization of input during web page generation, also known as cross-site scripting. An authenticated attacker could exploit it to trigger remote code execution via crafted licenses in the License Management component.

Recommendations

For FortiNAC-F version 7.2.0, update to a version that fixes the issue.
For FortiNAC versions 9.4.2 and below, update to a version above 9.4.2.
For FortiNAC versions 9.2 and earlier, update to a version above 9.2.
For FortiNAC versions 9.1 and earlier, update to a version above 9.1.
For FortiNAC versions 8.8 and earlier, update to a version above 8.8.
For FortiNAC versions 8.7 and earlier, update to a version above 8.7.
As a temporary workaround, consider restricting access to the License Management component until a patch is available.

Fix

Weakness Enumeration

XSS

Related Identifiers

BDU:2023-08409
CVE-2023-22637

Affected Products

Fortinac
Fortinac-F