CVE-2022-39953

A improper privilege management in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows attacker to escalation of privilege via specially crafted commands.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
fortinetCNA
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
fortinetfortinac
8.5.0 ≤
𝑥
≤ 8.5.4
fortinetfortinac
8.6.0 ≤
𝑥
≤ 8.6.5
fortinetfortinac
8.7.0 ≤
𝑥
≤ 8.7.6
fortinetfortinac
8.8.0 ≤
𝑥
≤ 8.8.11
fortinetfortinac
9.1.0 ≤
𝑥
≤ 9.1.8
fortinetfortinac
9.2.0 ≤
𝑥
≤ 9.2.6
fortinetfortinac
8.3.7
fortinetfortinac
9.4.0
fortinetfortinac
9.4.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://fortiguard.com/psirt/FG-IR-22-309
https://fortiguard.com/psirt/FG-IR-22-309