Main Vulnerability Database SB2022070529

SB2022070529 - Unprotected MySQL root account in FortiNAC

Published: July 5, 2022

Security Bulletin ID SB2022070529

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Weak password requirements (CVE-ID: CVE-2022-26117)

The vulnerability allows a local user to gain unauthorized access to MySQL database.

The vulnerability exists due to root account to access MySQL database does not have password set by default and allows connections from localhost. A local user can connect to the MySQL database as root.

Remediation

Install update from vendor's website.

References

https://fortiguard.fortinet.com/psirt/FG-IR-22-058