Fortinet | FortiGuard Labs | FG-IR-23-096
History: Jun 23, 2023 - 12:00 a.m.

FortiNAC - argument injection in XML interface on port tcp/5555

2023-06-23 00:00:00
FortiGuard Labs
www.fortiguard.com
6
fortinac
command injection
tcp/5555
xml interface
vulnerability
unauthenticated attacker
local files
device
input fields
foothold
privileges
software

An improper neutralization of special elements used in a command (‘command injection’) vulnerability [CWE-77] in FortiNAC tcp/5555 service may allow an unauthenticated attacker to copy local files of the device to other local directories of the device via specially crafted input fields. To access the copied data, however, the attacker must have an already existing foothold on the device with sufficient privileges.
