{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T23:27:57.512","vulnerabilities":[{"cve":{"id":"CVE-2023-48785","sourceIdentifier":"psirt@fortinet.com","published":"2025-03-14T16:15:27.733","lastModified":"2025-07-25T15:08:45.760","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F."},{"lang":"es","value":"Una vulnerabilidad de validación de certificado incorrecta [CWE-295] en FortiNAC-F versión 7.2.4 y anteriores puede permitir que un atacante remoto y no autenticado realice un ataque Man-in-the-Middle en el canal de comunicación HTTPS entre el dispositivo FortiOS, un inventario y FortiNAC-F."}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortinac-f:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.5","matchCriteriaId":"10E94405-A4E7-4380-97A3-12FB8F997887"}]}]}],"references":[{"url":"https://fortiguard.com/psirt/FG-IR-23-288","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}}]}