Description
An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
E
Unchanged
RL
X
RC
X
Affected products
- fortinet / FortiNAC-F7.2.0 – 7.2.4
References
- VENDOR_ADVISORYhttps://fortiguard.com/psirt/FG-IR-23-288