Multiple XML external entity (XXE) injection
Summary
An improper restriction of XML external entity reference vulnerability [CWE-611] in the parser of XML requests of FortiNAC may allow an unauthenticated attacker to trigger a denial of service or read arbitrary files from the underlying file system via specifically crafted XML documents.
Affected Products
FortiNAC version 9.4.0 through 9.4.1
FortiNAC all versions 9.2, 9.1, 8.8, 8.7, 8.6, 8.5, 8.3
Solutions
Please upgrade to FortiNAC version 9.4.2 or above
Please upgrade to FortiNAC version 7.2.0 or above