ID

VAR-202303-0336


CVE

CVE-2022-39953


TITLE

Privilege management vulnerability in Fortinet's FortiNAC

Trust: 0.8

sources: JVNDB: JVNDB-2022-020658

DESCRIPTION

An improper privilege management vulnerability in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, and FortiNAC version 8.3.7 allows an attacker to escalate privileges via specially crafted commands. A permission management vulnerability exists in Fortinet's FortiNAC. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security vulnerability that stems from improper privilege management.

Trust: 2.25

sources: NVD: CVE-2022-39953 // JVNDB: JVNDB-2022-020658 // CNNVD: CNNVD-202303-495 // VULMON: CVE-2022-39953

AFFECTED PRODUCTS

vendor: fortinet, model: fortinac, scope: gte, version: 8.8.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 8.8.11

Trust: 1.0

vendor: fortinet, model: fortinac, scope: eq, version: 9.4.1

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 8.5.4

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 9.2.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 8.6.5

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 9.1.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 9.2.6

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 8.7.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 8.5.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: eq, version: 9.4.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 9.1.8

Trust: 1.0

vendor: fortinet, model: fortinac, scope: eq, version: 8.3.7

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 8.6.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 8.7.6

Trust: 1.0

vendor: Fortinet, model: fortinac, scope: eq, version: 8.3.7

Trust: 0.8

vendor: Fortinet, model: fortinac, scope: eq, version: 8.5.0 to 8.5.4

Trust: 0.8

vendor: Fortinet, model: fortinac, scope: eq, version: 8.7.0 to 8.7.6

Trust: 0.8

vendor: Fortinet, model: fortinac, scope: eq, version: 9.1.0 to 9.1.8

Trust: 0.8

vendor: Fortinet, model: fortinac, scope: eq, version: 9.4.0

Trust: 0.8

vendor: Fortinet, model: fortinac, scope: eq, version: 9.4.1

Trust: 0.8

vendor: Fortinet, model: fortinac, scope: eq, version: -

Trust: 0.8

vendor: Fortinet, model: fortinac, scope: eq, version: 9.2.0 to 9.2.6

Trust: 0.8

vendor: Fortinet, model: fortinac, scope: eq, version: 8.6.0 to 8.6.5

Trust: 0.8

vendor: Fortinet, model: fortinac, scope: eq, version: 8.8.0 to 8.8.11

Trust: 0.8

sources: JVNDB: JVNDB-2022-020658 // NVD: CVE-2022-39953

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-39953
value: HIGH

Trust: 1.8

CNNVD: CNNVD-202303-495
value: HIGH

Trust: 0.6

NVD: CVE-2022-39953
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-39953
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-020658 // CNNVD: CNNVD-202303-495 // NVD: CVE-2022-39953

PROBLEMTYPE DATA

problemtype: CWE-269

Trust: 1.0

problemtype: Improper authority management (CWE-269) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-020658 // NVD: CVE-2022-39953

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202303-495

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202303-495

CONFIGURATIONS

sources: NVD: CVE-2022-39953

PATCH

title: FG-IR-22-309, url: https://fortiguard.com/psirt/fg-ir-22-309

Trust: 0.8

title: Fortinet FortiNAC Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=229005

Trust: 0.6

sources: JVNDB: JVNDB-2022-020658 // CNNVD: CNNVD-202303-495

EXTERNAL IDS

db: NVD, id: CVE-2022-39953

Trust: 3.3

db: JVNDB, id: JVNDB-2022-020658

Trust: 0.8

db: CNNVD, id: CNNVD-202303-495

Trust: 0.6

db: VULMON, id: CVE-2022-39953

Trust: 0.1

sources: VULMON: CVE-2022-39953 // JVNDB: JVNDB-2022-020658 // CNNVD: CNNVD-202303-495 // NVD: CVE-2022-39953

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-22-309

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-39953

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-39953/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-39953 // JVNDB: JVNDB-2022-020658 // CNNVD: CNNVD-202303-495 // NVD: CVE-2022-39953

SOURCES

db: VULMON, id: CVE-2022-39953
db: JVNDB, id: JVNDB-2022-020658
db: CNNVD, id: CNNVD-202303-495
db: NVD, id: CVE-2022-39953

LAST UPDATE DATE

2023-11-07T22:26:46.528000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2022-39953, date: 2023-03-07T00:00:00
db: JVNDB, id: JVNDB-2022-020658, date: 2023-11-06T07:34:00
db: CNNVD, id: CNNVD-202303-495, date: 2023-03-15T00:00:00
db: NVD, id: CVE-2022-39953, date: 2023-03-14T15:51:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2022-39953, date: 2023-03-07T00:00:00
db: JVNDB, id: JVNDB-2022-020658, date: 2023-11-06T00:00:00
db: CNNVD, id: CNNVD-202303-495, date: 2023-03-07T00:00:00
db: NVD, id: CVE-2022-39953, date: 2023-03-07T17:15:00