{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-26203","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2023-02-20T15:09:20.635Z","datePublished":"2023-05-03T21:27:00.343Z","dateUpdated":"2024-10-23T14:27:47.396Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiNAC","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"9.4.0","lessThanOrEqual":"9.4.1","status":"affected"},{"versionType":"semver","version":"9.2.0","lessThanOrEqual":"9.2.7","status":"affected"},{"versionType":"semver","version":"9.1.0","lessThanOrEqual":"9.1.9","status":"affected"},{"versionType":"semver","version":"8.8.0","lessThanOrEqual":"8.8.11","status":"affected"},{"versionType":"semver","version":"8.7.0","lessThanOrEqual":"8.7.6","status":"affected"},{"version":"7.2.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2023-05-03T21:27:00.343Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-798","description":"Improper access control","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiNAC version 9.4.3 or above\r\nPlease upgrade to FortiNAC-F version 7.2.1 or above"}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-520","url":"https://fortiguard.com/psirt/FG-IR-22-520"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T11:39:06.592Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-520","url":"https://fortiguard.com/psirt/FG-IR-22-520","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-23T14:11:06.726078Z","id":"CVE-2023-26203","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-23T14:27:47.396Z"}}]}}