exploitDog

GHSA-46mg-x8hq-xrw5

Опубликовано: 13 июн. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 7.6

Описание

An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests.

An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests.

Ссылки

EPSS

Процентиль: 39%

0.00175

Низкий

7.6 High

CVSS3

CVE ID

Дефекты

CWE-284

Связанные уязвимости

CVE-2022-39946

CVSS3: 7.6

nvd

больше 2 лет назад

An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests.

BDU:2023-04053

CVSS3: 7.6

fstec

больше 2 лет назад

Уязвимость средства управления доступом к сети Fortinet FortiNAC, связанная с недостатками контроля доступа, позволяющая нарушителю выполнять несанкционированные вызовы jsp

EPSS

Процентиль: 39%

0.00175

Низкий

7.6 High

CVSS3

CVE ID

Дефекты

CWE-284