Описание
A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 8.7.0 (включая) до 9.2.6 (включая)Версия от 9.4.0 (включая) до 9.4.2 (исключая)
Одно из
cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:*
EPSS
Процентиль: 37%
0.00162
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-1390
CWE-287
Связанные уязвимости
CVSS3: 5.3
github
почти 3 года назад
A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success.
EPSS
Процентиль: 37%
0.00162
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-1390
CWE-287