CVE-2022-45859
MEDIUMFortiNAC <=9.4.1, <=9.2.6, <=9.1.8, 8.8.0, 8.7.0; FortiNAC-F 7.2.0 - Insufficiently Protected Credentials
Title source: llmDescription
An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords.
References (1)
Core 1
Core References
Vendor Advisory
https://fortiguard.com/psirt/FG-IR-22-456
Scores
CVSS v3
4.1
EPSS
0.0012
EPSS Percentile
30.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-522
Status
published
Products (2)
fortinet/fortinac
8.7.0 - 9.1.8
fortinet/fortinac-f
7.2.0
Published
May 03, 2023
Tracked Since
Feb 18, 2026