CVE-2023-22633

HIGH

FortiNAC <=9.4.1, <=9.2.6, <=9.1.8, 8.8.0, 8.7.0 - Unauthenticated DoS via Client-Secure Renegotiation

Title source: llm

Description

An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation.

References (1)

Core 1

Core References

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-22-521

Scores

CVSS v3 7.5

EPSS 0.0026

EPSS Percentile 49.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-264

Status published

Products (4)

fortinet/fortinac 9.4.0

fortinet/fortinac 9.4.1

fortinet/fortinac 8.7.0 - 8.7.6

fortinet/fortinac-f 7.2.0

Published Jun 13, 2023

Tracked Since Feb 18, 2026