Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortinac vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2021-24011
A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges.
Fortinet Fortinac
7.2
CVSSv2
CVE-2021-43065
A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows malicious user to gain higher privileges via the access to sensitive system data.
Fortinet Fortinac 9.2.0
Fortinet Fortinac
7.2
CVSSv2
CVE-2021-41021
A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.
Fortinet Fortinac 9.1.2
Fortinet Fortinac 9.1.1
Fortinet Fortinac 9.1.0
Fortinet Fortinac 8.8.8
Fortinet Fortinac 8.8.7
Fortinet Fortinac 8.8.6
Fortinet Fortinac 8.8.5
Fortinet Fortinac 8.8.4
Fortinet Fortinac 8.8.3
Fortinet Fortinac 8.8.0
Fortinet Fortinac 8.8.1
Fortinet Fortinac 8.8.2
6.5
CVSSv2
CVE-2022-26116
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below ma...
Fortinet Fortinac
Fortinet Fortinac 8.5.4
Fortinet Fortinac 8.6.0
4.3
CVSSv2
CVE-2020-12816
An improper neutralization of input vulnerability in FortiNAC prior to 8.7.2 may allow a remote authenticated malicious user to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users.
Fortinet Fortinac
4.3
CVSSv2
CVE-2019-5594
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated malicious user to perform a reflected XSS attack via the search field in the webUI.
Fortinet Fortinac 8.5.0
Fortinet Fortinac
NA
CVE-2023-26206
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an malicious user to execute unauthorized code or commands via the name fields observed in the poli...
Fortinet Fortinac
Fortinet Fortinac 7.2.0
NA
CVE-2023-33299
A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows malicious user to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC version...
Fortinet Fortinac
Fortinet Fortinac 8.3.7
Fortinet Fortinac 9.4.0
Fortinet Fortinac 9.4.1
Fortinet Fortinac 9.4.2
Fortinet Fortinac 7.2.0
Fortinet Fortinac 7.2.1
NA
CVE-2023-22633
An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated malicious user to perform a DoS attack on the devic...
Fortinet Fortinac
Fortinet Fortinac 9.4.0
Fortinet Fortinac 9.4.1
Fortinet Fortinac-f 7.2.0
NA
CVE-2022-39946
An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform un...
Fortinet Fortinac
Fortinet Fortinac 9.4.0
Fortinet Fortinac 9.4.1
Fortinet Fortinac 9.4.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »