Lucene search

CVE-2022-39952

🗓️ 16 Feb 2023 19:13:15Reported by fortinetType

cve🔗 web.nvd.nist.gov👁 151 Views🌐 WEB

Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 external control of file name or path vulnerabilit

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 27
RedhatCVE	CVE-2022-39952	5 Feb 202519:34	–	redhatcve
Prion	Xxe	16 Feb 202319:15	–	prion
Saint	FortiNAC keyUpload.jsp command execution	24 Feb 202300:00	–	saint
Saint	FortiNAC keyUpload.jsp command execution	24 Feb 202300:00	–	saint
GithubExploit	Exploit for Exposure of Resource to Wrong Sphere in Fortinet Fortinac	22 Feb 202304:57	–	githubexploit
GithubExploit	Exploit for Exposure of Resource to Wrong Sphere in Fortinet Fortinac	20 Feb 202315:12	–	githubexploit
GithubExploit	Exploit for Exposure of Resource to Wrong Sphere in Fortinet Fortinac	26 Feb 202318:10	–	githubexploit
GithubExploit	Exploit for CVE-2022-39952	19 Feb 202323:41	–	githubexploit
GithubExploit	Exploit for CVE-2014-4210	19 Mar 202201:54	–	githubexploit
GithubExploit	Exploit for CVE-2014-4210	19 Mar 202201:54	–	githubexploit

Nvd

Node

fortinet fortinacRange8.3.7–8.8.9

fortinet fortinacRange9.1.0–9.1.8

fortinet fortinacRange9.2.0–9.2.6

fortinet fortinacRange9.4.0–9.4.1

[
  {
    "vendor": "Fortinet",
    "product": "FortiNAC",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "version": "9.4.0",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "9.2.0",
        "lessThanOrEqual": "9.2.5",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "9.1.0",
        "lessThanOrEqual": "9.1.7",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "8.8.0",
        "lessThanOrEqual": "8.8.11",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "8.7.0",
        "lessThanOrEqual": "8.7.6",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "8.6.0",
        "lessThanOrEqual": "8.6.5",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "8.5.0",
        "lessThanOrEqual": "8.5.4",
        "status": "affected"
      },
      {
        "version": "8.3.7",
        "status": "affected"
      }
    ]
  }
]

Source	Link
fortiguard	www.fortiguard.com/psirt/FG-IR-22-300

Parameter	Position	Path	Description	CWE
key	binary	/configWizard/keyUpload.jsp	Arbitrary file write vulnerability allowing unauthorized code execution via crafted HTTP requests.	CWE-668, CWE-73

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 Feb 2023 19:15Current

9.7High risk

Vulners AI Score9.7

CVSS39.8

EPSS0.93244

SSVC

cve-2022-39952 fortinet fortinac security vulnerability path vulnerability command execution unauthorized access nvd