An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-23-288 | Vendor Advisory |
Configurations
History
25 Jul 2025, 15:08
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fortinet fortinac-f
Fortinet |
|
Summary |
|
|
References | () https://fortiguard.com/psirt/FG-IR-23-288 - Vendor Advisory | |
CPE | cpe:2.3:a:fortinet:fortinac-f:*:*:*:*:*:*:*:* |
14 Mar 2025, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-03-14 16:15
Updated : 2025-07-25 15:08
NVD link : CVE-2023-48785
Mitre link : CVE-2023-48785
CVE.ORG link : CVE-2023-48785
JSON object : View
Products Affected
fortinet
- fortinac-f
CWE
CWE-295
Improper Certificate Validation