{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-22638","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2023-01-05T10:06:31.522Z","datePublished":"2023-02-16T18:07:06.780Z","dateUpdated":"2024-10-23T14:32:18.357Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiNAC","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"9.4.0","lessThanOrEqual":"9.4.1","status":"affected"},{"versionType":"semver","version":"9.2.0","lessThanOrEqual":"9.2.7","status":"affected"},{"versionType":"semver","version":"9.1.0","lessThanOrEqual":"9.1.8","status":"affected"},{"versionType":"semver","version":"8.8.0","lessThanOrEqual":"8.8.11","status":"affected"},{"versionType":"semver","version":"8.7.0","lessThanOrEqual":"8.7.6","status":"affected"},{"versionType":"semver","version":"8.6.0","lessThanOrEqual":"8.6.5","status":"affected"},{"versionType":"semver","version":"8.5.0","lessThanOrEqual":"8.5.4","status":"affected"},{"version":"8.3.7","status":"affected"}]}],"descriptions":[{"lang":"en","value":"Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC  9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2023-02-16T18:07:06.780Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-79","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiNAC-F version 7.2.0 or above,\r\nPlease upgrade to FortiNAC version 9.4.2 or above"}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-260","url":"https://fortiguard.com/psirt/FG-IR-22-260"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T10:13:49.511Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-260","url":"https://fortiguard.com/psirt/FG-IR-22-260","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-23T14:11:35.344234Z","id":"CVE-2023-22638","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-23T14:32:18.357Z"}}]}}