PT-2025-11277 · Fortinet · Fortinac-F+1

Published

2023-11-19

Updated

2025-03-14

CVE-2023-48785

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: FortiNAC-F versions 7.2.4 and below

Description: The issue is related to improper certificate validation, which may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel. This could potentially compromise the security of the communication between the FortiOS device, an inventory, and FortiNAC-F.

Recommendations: For FortiNAC-F versions 7.2.4 and below, update to a version above 7.2.4 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

BDU:2025-02805

CVE-2023-48785

Affected Products

Fortinac-F

Fortios

PT-2025-11277 · Fortinet · Fortinac-F+1

CVE-2023-48785

Weakness Enumeration

Related Identifiers

Affected Products

References · 7