CVE-2023-22633

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-22633
An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://fortiguard.com/psirt/FG-IR-22-521 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:*
History

17 Jun 2023, 01:40

Type Values Removed Values Added
CWE NVD-CWE-Other
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*
References (MISC) https://fortiguard.com/psirt/FG-IR-22-521 - (MISC) https://fortiguard.com/psirt/FG-IR-22-521 - Vendor Advisory
First Time Fortinet fortinac
Fortinet fortinac-f
Fortinet

13 Jun 2023, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-06-13 09:15

Updated : 2023-12-10 15:01

NVD link : CVE-2023-22633

Mitre link : CVE-2023-22633

CVE.ORG link : CVE-2023-22633

JSON object : View

Products Affected

fortinet

  • fortinac-f
  • fortinac
CWE
NVD-CWE-Other CWE-264

Permissions, Privileges, and Access Controls