Headline
CVE-2023-22633: Fortiguard
An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation.
** PSIRT Advisories**
FortiNAC - SSL Renegotation leading to DoS
Summary
An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation.
Affected Products
At least
FortiNAC-F version 7.2.0
FortiNAC version 9.4.0 through 9.4.1
FortiNAC version 9.2.0 through 9.2.6
FortiNAC version 9.1.0 through 9.1.8
FortiNAC 8.8.0 all versions
FortiNAC 8.7.0 all versions
Solutions
Please upgrade to FortiNAC-F version 7.2.1 or above
Please upgrade to FortiNAC version 9.4.2 or above
Please upgrade to FortiNAC version 9.2.7 or above
Please upgrade to FortiNAC version 9.1.9 or above
Acknowledgement
Fortinet is pleased to thank KPN for bringing this issue to our attention under responsible disclosure.
Timeline
2023-05-10: Initial publication