CVE-2023-26206

Name of the Vulnerable Software and Affected Versions Fortinet FortiNAC versions 7.2.0 Fortinet FortiNAC versions 9.1.0 through 9.1.10 Fortinet FortiNAC versions 9.2.0 through 9.2.8 Fortinet FortiNAC versions 9.4.0 through 9.4.2

Description The issue is related to an improper neutralization of input during web page generation, also known as cross-site scripting (XSS), which allows an attacker to execute unauthorized code or commands. This can be achieved via the name fields observed in the policy audit logs.

Recommendations For Fortinet FortiNAC version 7.2.0, update to a version that includes the fix for this issue. For Fortinet FortiNAC versions 9.1.0 through 9.1.10, update to a version that includes the fix for this issue. For Fortinet FortiNAC versions 9.2.0 through 9.2.8, update to a version that includes the fix for this issue. For Fortinet FortiNAC versions 9.4.0 through 9.4.2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the policy audit logs to minimize the risk of exploitation.