An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents.
References
History

Wed, 23 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2023-02-16T18:06:50.083Z

Updated: 2024-10-23T14:45:55.394Z

Reserved: 2022-09-05T13:11:35.554Z

Link: CVE-2022-39954

cve-icon Vulnrichment

Updated: 2024-08-03T12:07:42.979Z

cve-icon NVD

Status : Modified

Published: 2023-02-16T19:15:13.120

Modified: 2024-11-21T07:18:33.333

Link: CVE-2022-39954

cve-icon Redhat

No data.