CVE-2021-43065: 
FortiNAC vulnerability analysis and mitigation

A incorrect permission assignment for critical resource vulnerability (CVE-2021-43065) was discovered in Fortinet FortiNAC versions 9.2.0, 9.1.3 and below, and 8.8.9 and below. The vulnerability was disclosed on December 9, 2021, affecting Fortinet FortiNAC's configuration system (NVD, Fortinet Advisory).

The vulnerability stems from improper permission settings on a tomcat configuration file that contains sensitive credentials. An unprivileged SSH user can read the login and password of the FortiNAC Configuration Wizard (accessible at https://:8443/configWizard) stored in cleartext in the /bsc/services/tomcat-admin/conf/tomcat-users.xml file. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access with low complexity and privileges required (Github Advisory).

The vulnerability allows an authenticated attacker to access sensitive system data and potentially elevate their privileges to admin level. Once an attacker gains access to the Configuration Wizard, they can modify parameters that could lead to denial of service or change the configuration password, preventing legitimate administrator access (Github Advisory).

Fortinet has released patches to address this vulnerability. Users are advised to upgrade to one of the following versions: FortiNAC version 10.0.0 or above, FortiNAC version 9.2.1 or above, FortiNAC version 9.1.4 or above, or FortiNAC version 8.8.10 or above. There are no workarounds available for this vulnerability (Github Advisory).