#VU64935 Weak password requirements in FortiNAC - CVE-2022-26117 

 

Published: July 5, 2022


Vulnerability identifier: #VU64935
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-26117
CWE-ID: CWE-521
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
FortiNAC
Software vendor:
Fortinet, Inc

Description

The vulnerability allows a local user to gain unauthorized access to the MySQL database.

The vulnerability exists because the root account used to access the MySQL database has no password set by default and accepts connections from localhost. A local user can connect to the MySQL database as root.
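
One way for an administrator to audit a MySQL instance for the condition described above, as an added example that is not part of the advisory or of Fortinet's own tooling. It assumes the MySQL 5.7+ column names (`plugin`, `authentication_string`), and the sample rows are constructed.

```python
# Added example: flag MySQL accounts that have no password set.
# Input is the tab-separated output of (run by an administrator on the host):
#   mysql -N -B -e "SELECT user, host, plugin, authentication_string FROM mysql.user"
# Assumption: MySQL 5.7+ schema; older servers keep the hash in a `Password` column.

# Plugins that authenticate through the OS socket peer; for these an empty
# authentication_string does not mean "no password".
SOCKET_PLUGINS = {"auth_socket", "unix_socket"}
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed sample rows, not taken from a real FortiNAC appliance.
SAMPLE = (
    "root\tlocalhost\tmysql_native_password\t\n"
    "root\t127.0.0.1\tmysql_native_password\t*CONSTRUCTED_HASH_PLACEHOLDER\n"
    "backup\tlocalhost\tauth_socket\t\n"
    "app\t%\tmysql_native_password\t\n"
)


def find_passwordless(batch_output):
    """Return (user, host, scope) for every password-based account with no password."""
    findings = []
    for line in batch_output.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        fields += [""] * (4 - len(fields))  # tolerate a missing trailing column
        user, host, plugin, auth = fields[:4]
        if plugin in SOCKET_PLUGINS:
            continue  # identity is checked by the OS, not by a stored hash
        if auth in ("", "NULL"):  # batch mode prints SQL NULL as the text NULL
            scope = "local" if host in LOCAL_HOSTS else "remote"
            findings.append((user, host, scope))
    return findings


if __name__ == "__main__":
    for user, host, scope in find_passwordless(SAMPLE):
        print(f"passwordless account: '{user}'@'{host}' ({scope})")
```
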


Remediation

Install updates from the vendor's website.
