ID

VAR-202303-0444


CVE

CVE-2022-40676


TITLE

Cross-site scripting vulnerability in Fortinet's FortiNAC

Trust: 0.8

sources: JVNDB: JVNDB-2022-020657

DESCRIPTION

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests. A cross-site scripting vulnerability exists in Fortinet's FortiNAC. Information may be obtained and information may be tampered with. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection.

Trust: 2.25

sources: NVD: CVE-2022-40676 // JVNDB: JVNDB-2022-020657 // CNNVD: CNNVD-202303-493 // VULMON: CVE-2022-40676

AFFECTED PRODUCTS

vendor: fortinet, model: fortinac, scope: gte, version: 8.8.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 8.8.11

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 8.5.4

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 9.2.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 8.6.5

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 9.2.5

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 9.1.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 8.7.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 8.5.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: eq, version: 9.4.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 9.1.8

Trust: 1.0

vendor: fortinet, model: fortinac, scope: eq, version: 8.3.7

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 8.6.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 8.7.6

Trust: 1.0

vendor: Fortinet, model: fortinac, scope: eq, version: 8.3.7

Trust: 0.8

vendor: Fortinet, model: fortinac, scope: eq, version: 8.5.0 to 8.5.4

Trust: 0.8

vendor: Fortinet, model: fortinac, scope: eq, version: 8.7.0 to 8.7.6

Trust: 0.8

vendor: Fortinet, model: fortinac, scope: eq, version: 9.1.0 to 9.1.8

Trust: 0.8

vendor: Fortinet, model: fortinac, scope: eq, version: 9.4.0

Trust: 0.8

vendor: Fortinet, model: fortinac, scope: eq, version: -

Trust: 0.8

vendor: Fortinet, model: fortinac, scope: eq, version: 9.2.0 to 9.2.5

Trust: 0.8

vendor: Fortinet, model: fortinac, scope: eq, version: 8.6.0 to 8.6.5

Trust: 0.8

vendor: Fortinet, model: fortinac, scope: eq, version: 8.8.0 to 8.8.11

Trust: 0.8

sources: JVNDB: JVNDB-2022-020657 // NVD: CVE-2022-40676

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-40676
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-202303-493
value: MEDIUM

Trust: 0.6

NVD: CVE-2022-40676
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2022-40676
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-020657 // CNNVD: CNNVD-202303-493 // NVD: CVE-2022-40676

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.0

problemtype: Cross-site scripting (CWE-79) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-020657 // NVD: CVE-2022-40676

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202303-493

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202303-493

CONFIGURATIONS

sources: NVD: CVE-2022-40676

PATCH

title: FG-IR-22-281, url: https://fortiguard.com/psirt/fg-ir-22-281

Trust: 0.8

title: Fortinet FortiNAC Fixes for cross-site scripting vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=229004

Trust: 0.6

sources: JVNDB: JVNDB-2022-020657 // CNNVD: CNNVD-202303-493

EXTERNAL IDS

db: NVD, id: CVE-2022-40676

Trust: 3.3

db: JVNDB, id: JVNDB-2022-020657

Trust: 0.8

db: CNNVD, id: CNNVD-202303-493

Trust: 0.6

db: VULMON, id: CVE-2022-40676

Trust: 0.1

sources: VULMON: CVE-2022-40676 // JVNDB: JVNDB-2022-020657 // CNNVD: CNNVD-202303-493 // NVD: CVE-2022-40676

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-22-281

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-40676

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-40676/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-40676 // JVNDB: JVNDB-2022-020657 // CNNVD: CNNVD-202303-493 // NVD: CVE-2022-40676

SOURCES

db: VULMON, id: CVE-2022-40676
db: JVNDB, id: JVNDB-2022-020657
db: CNNVD, id: CNNVD-202303-493
db: NVD, id: CVE-2022-40676

LAST UPDATE DATE

2023-11-07T22:54:39.500000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2022-40676, date: 2023-03-07T00:00:00
db: JVNDB, id: JVNDB-2022-020657, date: 2023-11-06T07:30:00
db: CNNVD, id: CNNVD-202303-493, date: 2023-03-15T00:00:00
db: NVD, id: CVE-2022-40676, date: 2023-03-14T15:29:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2022-40676, date: 2023-03-07T00:00:00
db: JVNDB, id: JVNDB-2022-020657, date: 2023-11-06T00:00:00
db: CNNVD, id: CNNVD-202303-493, date: 2023-03-07T00:00:00
db: NVD, id: CVE-2022-40676, date: 2023-03-07T17:15:00