CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
51.2%
An improper neutralization of input during web page generation (‘Cross-site Scripting’) vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses.
Vendor | Product | Version | CPE |
---|---|---|---|
fortinet | fortinac | * | cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:* |
fortinet | fortinac-f | 7.2.0 | cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:* |
[
{
"vendor": "Fortinet",
"product": "FortiNAC",
"defaultStatus": "unaffected",
"versions": [
{
"versionType": "semver",
"version": "9.4.0",
"lessThanOrEqual": "9.4.2",
"status": "affected"
},
{
"versionType": "semver",
"version": "9.2.0",
"lessThanOrEqual": "9.2.7",
"status": "affected"
},
{
"versionType": "semver",
"version": "9.1.0",
"lessThanOrEqual": "9.1.9",
"status": "affected"
},
{
"versionType": "semver",
"version": "8.8.0",
"lessThanOrEqual": "8.8.11",
"status": "affected"
},
{
"versionType": "semver",
"version": "8.7.0",
"lessThanOrEqual": "8.7.6",
"status": "affected"
}
]
}
]