CVE-2023-48785

Medium CVSS 4.8

Overview

An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F.

CWE: CWE-295 Published: 2025-03-14T16:15:27.733

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 4.8 (MEDIUM)
Detected tags: crypto, unauth_access (tag impact: HIGH)

Recommended actions:

Drop weak ciphers/protocols; prefer modern, safe defaults.
Enforce authentication/authorization; reduce default endpoint exposure.

Overview

Recommended tools

Tags