Details of VAR-202303-0336

ID

VAR-202303-0336

CVE

CVE-2022-39953

TITLE

Fortinet FortiNAC Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202303-495

DESCRIPTION

A improper privilege management in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows attacker to escalation of privilege via specially crafted commands. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security vulnerability that stems from improper privilege management

Trust: 1.53

sources: NVD: CVE-2022-39953 // CNNVD: CNNVD-202303-495 // VULMON: CVE-2022-39953

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortinac	scope:	gte	version:	8.8.0	Trust: 1.0
vendor:	fortinet	model:	fortinac	scope:	lte	version:	8.8.11	Trust: 1.0
vendor:	fortinet	model:	fortinac	scope:	eq	version:	9.4.1	Trust: 1.0
vendor:	fortinet	model:	fortinac	scope:	lte	version:	8.5.4	Trust: 1.0
vendor:	fortinet	model:	fortinac	scope:	gte	version:	9.2.0	Trust: 1.0
vendor:	fortinet	model:	fortinac	scope:	lte	version:	8.6.5	Trust: 1.0
vendor:	fortinet	model:	fortinac	scope:	gte	version:	9.1.0	Trust: 1.0
vendor:	fortinet	model:	fortinac	scope:	lte	version:	9.2.6	Trust: 1.0
vendor:	fortinet	model:	fortinac	scope:	gte	version:	8.7.0	Trust: 1.0
vendor:	fortinet	model:	fortinac	scope:	gte	version:	8.5.0	Trust: 1.0
vendor:	fortinet	model:	fortinac	scope:	eq	version:	9.4.0	Trust: 1.0
vendor:	fortinet	model:	fortinac	scope:	lte	version:	9.1.8	Trust: 1.0
vendor:	fortinet	model:	fortinac	scope:	eq	version:	8.3.7	Trust: 1.0
vendor:	fortinet	model:	fortinac	scope:	gte	version:	8.6.0	Trust: 1.0
vendor:	fortinet	model:	fortinac	scope:	lte	version:	8.7.6	Trust: 1.0

sources: NVD: CVE-2022-39953

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2022-39953
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202303-495
value:	HIGH
Trust: 0.6

NVD:	CVE-2022-39953
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNNVD: CNNVD-202303-495 // NVD: CVE-2022-39953

PROBLEMTYPE DATA

problemtype:

CWE-269

Trust: 1.0

sources: NVD: CVE-2022-39953

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202303-495

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202303-495

CONFIGURATIONS

sources: NVD: CVE-2022-39953

PATCH

title:

Fortinet FortiNAC Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqbyid.tag?id=229005

Trust: 0.6

sources: CNNVD: CNNVD-202303-495

EXTERNAL IDS

db:	NVD	id:	CVE-2022-39953	Trust: 1.7
db:	CNNVD	id:	CNNVD-202303-495	Trust: 0.6
db:	VULMON	id:	CVE-2022-39953	Trust: 0.1

sources: VULMON: CVE-2022-39953 // CNNVD: CNNVD-202303-495 // NVD: CVE-2022-39953

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-22-309	Trust: 1.7
url:	https://cxsecurity.com/cveshow/cve-2022-39953/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2022-39953 // CNNVD: CNNVD-202303-495 // NVD: CVE-2022-39953

SOURCES

db:	VULMON	id:	CVE-2022-39953
db:	CNNVD	id:	CNNVD-202303-495
db:	NVD	id:	CVE-2022-39953

LAST UPDATE DATE

2023-03-15T22:22:21.732000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2022-39953	date:	2023-03-07T00:00:00
db:	CNNVD	id:	CNNVD-202303-495	date:	2023-03-15T00:00:00
db:	NVD	id:	CVE-2022-39953	date:	2023-03-14T15:51:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2022-39953	date:	2023-03-07T00:00:00
db:	CNNVD	id:	CNNVD-202303-495	date:	2023-03-07T00:00:00
db:	NVD	id:	CVE-2022-39953	date:	2023-03-07T17:15:00