CVE-2022-40675: 
FortiNAC vulnerability analysis and mitigation

A cryptographic vulnerability identified as CVE-2022-40675 was discovered in Fortinet FortiNAC, affecting multiple versions including 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, and 8.3.7. The vulnerability was disclosed on February 16, 2023, and received a CVSS v3 base score of 6.0, indicating medium severity (NVD, FortiGuard).

The vulnerability involves cryptographic issues that could potentially compromise the security of protocol communication messages. The CVSS metrics indicate that this is a network-based attack vector with high attack complexity, requiring no privileges or user interaction, and affects the confidentiality and integrity of the system while maintaining unchanged scope (AttackerKB).

The vulnerability allows an attacker to decrypt and forge protocol communication messages, potentially compromising the confidentiality and integrity of system communications. This could lead to unauthorized access to sensitive information and the ability to manipulate communication protocols (MITRE).

Fortinet has addressed this vulnerability by releasing security patches. Users are advised to upgrade to the latest version of FortiNAC to mitigate the risk. The specific versions that contain the fix are version 9.4.2 and above (FortiGuard).