Vulnerability Details CVE-2022-38375
An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.4%
CVSS Severity
CVSS v3 Score 9.1
Products affected by CVE-2022-38375
-
cpe:2.3:a:fortinet:fortinac-f:-
-
cpe:2.3:a:fortinet:fortinac:9.2.0
-
cpe:2.3:a:fortinet:fortinac:9.2.1
-
cpe:2.3:a:fortinet:fortinac:9.2.2
-
cpe:2.3:a:fortinet:fortinac:9.2.3
-
cpe:2.3:a:fortinet:fortinac:9.2.4
-
cpe:2.3:a:fortinet:fortinac:9.2.5
-
cpe:2.3:a:fortinet:fortinac:9.2.6
-
cpe:2.3:a:fortinet:fortinac:9.4.0
-
cpe:2.3:a:fortinet:fortinac:9.4.1