Weak password requirements in FortiNAC - CVE-2022-26117

 


Published: July 5, 2022


Vulnerability identifier: #VU64935
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-26117
CWE-ID: CWE-521
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Fortinet, Inc
Affected software:
FortiNAC

Detailed vulnerability description

The vulnerability allows a local user to gain unauthorized access to the MySQL database.

The vulnerability exists because the root account used to access the MySQL database has no password set by default and accepts connections from localhost. A local user can connect to the MySQL database as root.
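An audit check for the condition described above, added here as an example and not taken from Fortinet or this advisory: it parses the tab-separated output of a `mysql.user` query and reports accounts that can log in without a password. The column names assume a MySQL 5.7 or later schema (the page does not state which MySQL version FortiNAC ships), and the sample rows, account names and hash are constructed.

```python
import csv
import io

# Plugins that verify a stored password hash; an empty hash means "no password".
PASSWORD_PLUGINS = {"mysql_native_password", "caching_sha2_password", "sha256_password"}
# Host values that restrict the account to connections from the same machine.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed sample of:
#   mysql --batch -e "SELECT user, host, plugin, authentication_string,
#                     account_locked FROM mysql.user"
# Account names and the hash are made up for illustration.
SAMPLE = "\n".join([
    "user\thost\tplugin\tauthentication_string\taccount_locked",
    "root\tlocalhost\tmysql_native_password\t\tN",
    "root\t127.0.0.1\tmysql_native_password\tNULL\tN",
    "appuser\t%\tmysql_native_password\t*0000000000000000000000000000000000000000\tN",
    "backup\tlocalhost\tauth_socket\t\tN",
    "legacy\t%\tmysql_native_password\t\tY",
    "report\t%\tcaching_sha2_password\t\tN",
]) + "\n"


def find_passwordless(batch_output):
    """Return (user, host, scope) for every usable account with no password."""
    reader = csv.DictReader(io.StringIO(batch_output), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    findings = []
    for row in reader:
        secret = (row.get("authentication_string") or "").strip()
        if secret not in ("", "NULL"):
            continue  # a password hash is stored
        if row.get("plugin") not in PASSWORD_PLUGINS:
            continue  # e.g. auth_socket: empty string is normal, OS identity is checked
        if (row.get("account_locked") or "N").upper() == "Y":
            continue  # locked accounts cannot log in
        scope = "local" if row["host"].lower() in LOCAL_HOSTS else "remote"
        findings.append((row["user"], row["host"], scope))
    return findings


if __name__ == "__main__":
    for user, host, scope in find_passwordless(SAMPLE):
        print(f"no password: '{user}'@'{host}' ({scope} connections)")
```

A `local` finding for `root` matches the default state this advisory describes; running the same check after applying the vendor update confirms whether the account now has a credential.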


How to mitigate CVE-2022-26117

Install updates from the vendor's website.

Sources