CVE-2022-40678

HIGH

Fortinet FortiNAC < 8.5.4 - Insufficiently Protected Credentials

Title source: rule

Description

An insufficiently protected credentials vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, and 8.3.7 may allow a local attacker with database access to recover user passwords.

Scores

CVSS v3 7.4
EPSS 0.0004
EPSS Percentile 12.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE CWE-522
Status published

Affected Products (3)

fortinet/fortinac < 8.5.4
fortinet/fortinac
fortinet/fortinac

Timeline

Published Feb 16, 2023
Tracked Since Feb 18, 2026