Fortinet FortiNAC Unauthorized Administrative Operations Vulnerability

Fortinet FortiNAC Unauthorized Administrative Operations Vulnerability

CVE-2022-38375 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An improper authorization vulnerability [CWE-285]  in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests.

Learn more about our Cis Benchmark Audit For Fortinet.