Vulnerability Description
An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortinac | >= 8.3.7, <= 9.2.7 |
| Fortinet | Fortinac-F | < 7.2.0 |
Related Weaknesses (CWE)
References
- https://fortiguard.com/psirt/FG-IR-22-304Vendor Advisory
- https://fortiguard.com/psirt/FG-IR-22-304Vendor Advisory
FAQ
What is CVE-2022-39954?
CVE-2022-39954 is a vulnerability with a CVSS score of 7.3 (HIGH). An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version ...
How severe is CVE-2022-39954?
CVE-2022-39954 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-39954?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortinac, Fortinet Fortinac-F.