{"api_version":"1","generated_at":"2026-04-23T04:12:01+00:00","cve":"CVE-2023-26203","urls":{"html":"https://cve.report/CVE-2023-26203","api":"https://cve.report/api/cve/CVE-2023-26203.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-26203","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-26203"},"summary":{"title":"CVE-2023-26203","description":"A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands.","state":"PUBLIC","assigner":"psirt@fortinet.com","published_at":"2023-05-03 22:15:00","updated_at":"2023-11-07 04:09:00"},"problem_types":["CWE-798"],"metrics":[],"references":[{"url":"https://fortiguard.com/psirt/FG-IR-22-520","name":"https://fortiguard.com/psirt/FG-IR-22-520","refsource":"MISC","tags":[],"title":"PSIRT Advisories | FortiGuard","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-26203","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26203","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"26203","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fortinet","cpe5":"fortinac","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"26203","vulnerable":"1","versionEndIncluding":"9.2.7","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fortinet","cpe5":"fortinac","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"26203","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fortinet","cpe5":"fortinac-f","cpe6":"7.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-26203","ASSIGNER":"psirt@fortinet.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Improper access control","cweId":"CWE-798"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Fortinet","product":{"product_data":[{"product_name":"FortiNAC","version":{"version_data":[{"version_affected":"<=","version_name":"9.4.0","version_value":"9.4.1"},{"version_affected":"<=","version_name":"9.2.0","version_value":"9.2.7"},{"version_affected":"<=","version_name":"9.1.0","version_value":"9.1.9"},{"version_affected":"<=","version_name":"8.8.0","version_value":"8.8.11"},{"version_affected":"<=","version_name":"8.7.0","version_value":"8.7.6"},{"version_affected":"=","version_value":"7.2.0"}]}}]}}]}},"references":{"reference_data":[{"url":"https://fortiguard.com/psirt/FG-IR-22-520","refsource":"MISC","name":"https://fortiguard.com/psirt/FG-IR-22-520"}]},"solution":[{"lang":"en","value":"Please upgrade to FortiNAC version 9.4.3 or above\r\nPlease upgrade to FortiNAC-F version 7.2.1 or above"}],"impact":{"cvss":[{"version":"3.1","attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}]}},"nvd":{"publishedDate":"2023-05-03 22:15:00","lastModifiedDate":"2023-11-07 04:09:00","problem_types":["CWE-798"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*","versionStartIncluding":"8.7.0","versionEndIncluding":"9.2.7","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:fortinet:fortinac-f:7.2.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*","versionStartIncluding":"9.4.0","versionEndExcluding":"9.4.3","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}