CVE-2022-45859

MEDIUM

Fortinet Fortinac < 9.1.8 - Insufficiently Protected Credentials

Title source: rule

Description

An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords.

References (1)

[Vendor Advisory] https://fortiguard.com/psirt/FG-IR-22-456

Scores

CVSS v3 4.1

EPSS 0.0003

EPSS Percentile 9.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (2)

fortinet/fortinac < 9.1.8

fortinet/fortinac-f

Timeline

Published May 03, 2023

Tracked Since Feb 18, 2026