{"api_version":"1","generated_at":"2026-04-23T04:12:05+00:00","cve":"CVE-2022-43950","urls":{"html":"https://cve.report/CVE-2022-43950","api":"https://cve.report/api/cve/CVE-2022-43950.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-43950","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-43950"},"summary":{"title":"CVE-2022-43950","description":"A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, \r\n 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL.","state":"PUBLIC","assigner":"psirt@fortinet.com","published_at":"2023-05-03 22:15:00","updated_at":"2023-11-07 03:54:00"},"problem_types":["CWE-601"],"metrics":[],"references":[{"url":"https://fortiguard.com/psirt/FG-IR-22-407","name":"https://fortiguard.com/psirt/FG-IR-22-407","refsource":"MISC","tags":[],"title":"PSIRT Advisories | FortiGuard","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-43950","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43950","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"43950","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fortinet","cpe5":"fortinac","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43950","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fortinet","cpe5":"fortinac-f","cpe6":"7.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-43950","ASSIGNER":"psirt@fortinet.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, \r\n 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Execute unauthorized code or commands","cweId":"CWE-601"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Fortinet","product":{"product_data":[{"product_name":"FortiNAC","version":{"version_data":[{"version_affected":"<=","version_name":"9.4.0","version_value":"9.4.1"},{"version_affected":"<=","version_name":"9.2.0","version_value":"9.2.7"},{"version_affected":"<=","version_name":"9.1.0","version_value":"9.1.9"},{"version_affected":"<=","version_name":"8.8.0","version_value":"8.8.11"},{"version_affected":"<=","version_name":"8.7.0","version_value":"8.7.6"}]}}]}}]}},"references":{"reference_data":[{"url":"https://fortiguard.com/psirt/FG-IR-22-407","refsource":"MISC","name":"https://fortiguard.com/psirt/FG-IR-22-407"}]},"solution":[{"lang":"en","value":"Please upgrade to FortiNAC version 9.4.2 or above\r\nPlease upgrade to FortiNAC-F version 7.2.1 or above"}],"impact":{"cvss":[{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":3.9,"baseSeverity":"LOW","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}]}},"nvd":{"publishedDate":"2023-05-03 22:15:00","lastModifiedDate":"2023-11-07 03:54:00","problem_types":["CWE-601"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.7,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*","versionStartIncluding":"8.7.0","versionEndExcluding":"9.4.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}