CVE-2022-39953

2023-03-0717:15:11

CWE-269

[email protected]

web.nvd.nist.gov

fortinet fortinac

cve-2022-39953

privilege escalation

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

13.3%

JSON

A improper privilege management in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows attacker to escalation of privilege via specially crafted commands.

Affected configurations

Nvd

Node

fortinetfortinacRange8.5.0–8.5.4

fortinetfortinacRange8.6.0–8.6.5

fortinetfortinacRange8.7.0–8.7.6

fortinetfortinacRange8.8.0–8.8.11

fortinetfortinacRange9.1.0–9.1.8

fortinetfortinacRange9.2.0–9.2.6

fortinetfortinacMatch8.3.7

fortinetfortinacMatch9.4.0

fortinetfortinacMatch9.4.1

VendorProductVersionCPE
fortinetfortinac*cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*
fortinetfortinac8.3.7cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*
fortinetfortinac9.4.0cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*
fortinetfortinac9.4.1cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortinac	*	cpe:2.3:a:fortinet:fortinac::::::::
fortinet	fortinac	8.3.7	cpe:2.3:a:fortinet:fortinac:8.3.7:::::::*
fortinet	fortinac	9.4.0	cpe:2.3:a:fortinet:fortinac:9.4.0:::::::*
fortinet	fortinac	9.4.1	cpe:2.3:a:fortinet:fortinac:9.4.1:::::::*