logo
Vulnerability feed
Contributors
About
Blog
CONTRIBUTE

Vulnerability

warn

CVE-2022-39952

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2022-39952

Description:
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.
Last updated date:
02/24/2023

Reports

alt

ACTIVELY EXPLOITED

Type:
exploitation
Confidence:
HIGH
Date of publishing:
02/23/2023
Reference url to background

https://www.securityweek.com/fortinet-fortinac-vulnerability-exploited-in-wild-days-after-release-of-patch/

Type:
exploit
Confidence:
HIGH
Date of publishing:
02/19/2023
Reference url to background

https://github.com/Florian-R0th/CVE-2022-39952

Type:
exploit
Confidence:
HIGH
Date of publishing:
02/20/2023
Reference url to background

https://github.com/horizon3ai/CVE-2022-39952

Type:
exploit
Confidence:
HIGH
Date of publishing:
03/13/2023
Reference url to background

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/fortinac_keyupload_file_write.rb

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2023

Privacy Policy