An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-22-304 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: fortinet
Published: 2023-02-16T18:06:50.083Z
Updated: 2023-02-16T18:06:50.083Z
Reserved: 2022-09-05T13:11:35.554Z
Link: CVE-2022-39954
JSON object: View
NVD Information
Status : Modified
Published: 2023-02-16T19:15:13.120
Modified: 2023-11-07T03:50:41.493
Link: CVE-2022-39954
JSON object: View
Redhat Information
No data.
CWE