Lucene search
+L

12 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 7:34 p.m.18 views

CVE-2022-39952

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via...

9.8CVSS7.7AI score0.99815EPSS
Exploits7References1
The Hacker News
The Hacker News
added 2023/06/27 5:35 a.m.68 views

New Fortinet's FortiNAC Vulnerability Exposes Networks to Code Execution Attacks

Fortinet has rolled out updates to address a critical security vulnerability impacting its FortiNAC network access control solution that could lead to the execution of arbitrary code. Tracked as CVE-2023-33299, the flaw is rated 9.6 out of 10 for severity on the CVSS scoring system. It has been...

9.8CVSS8.8AI score0.99815EPSS
Exploits17
Rapid7 Blog
Rapid7 Blog
added 2023/03/17 7:33 p.m.71 views

Metasploit Weekly Wrap-Up

FortiNAC EITW Content Added Whilst we did have a few cool new modules added this week, one particularly interesting one was a Fortinet FortiNAC vulnerability, CVE-2022-39952, that was added in by team member Jack Heysel. This module exploits an unauthenticated RCE in Fortinet FortiNAC versions...

7.2CVSS0.2AI score0.99815EPSS
Exploits18
Packet Storm
Packet Storm
added 2023/03/15 12:0 a.m.381 views

Fortinet FortiNAC keyUpload.jsp Arbitrary File Write

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortinet FortiNAC keyUpload.jsp arbitrary file write', 'Description' = %q This module uploads a payload to the /tmp directory in addition to a cr...

9.8CVSS0.5AI score0.99815EPSS
Exploits7
0day.today
0day.today
added 2023/03/15 12:0 a.m.421 views

Fortinet FortiNAC keyUpload.jsp Arbitrary File Write Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortinet FortiNAC keyUpload.jsp arbitrary file write', 'Description' = %q This module uploads a payload to the /tmp directory in addition to a cr...

9.8CVSS9.8AI score0.99815EPSS
Exploits7
GithubExploit
GithubExploit
added 2023/02/26 6:10 p.m.276 views

Exploit for External Control of File Name or Path in Fortinet Fortinac

FortiNAC CVE-2022-39952 PoC for CVE-2022-39952 affecting F...

9.8CVSS9.9AI score0.99815EPSS
Exploits7
GithubExploit
GithubExploit
added 2023/02/20 3:12 p.m.397 views

Exploit for External Control of File Name or Path in Fortinet Fortinac

CVE-2022-39952 POC for CVE-2022-39952 affecting Fortinet Forti...

9.8CVSS9.9AI score0.99815EPSS
Exploits7
The Hacker News
The Hacker News
added 2023/02/19 6:27 a.m.4 views

Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiNAC, and FortiProxy

Fortinet has released security updates to address 40 vulnerabilities in its software lineup, including FortiWeb, FortiOS, FortiNAC, and FortiProxy, among others. Two of the 40 flaws are rated Critical, 15 are rated High, 22 are rated Medium, and one is rated Low in severity. Top of the list is a...

9.8CVSS8.8AI score0.99815EPSS
Exploits8
The Hacker News
The Hacker News
added 2023/02/19 6:27 a.m.90 views

Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiNAC, and FortiProxy

Fortinet has released security updates to address 40 vulnerabilities in its software lineup, including FortiWeb, FortiOS, FortiNAC, and FortiProxy, among others. Two of the 40 flaws are rated Critical, 15 are rated High, 22 are rated Medium, and one is rated Low in severity. Top of the list is a...

0.9AI score0.99815EPSS
Exploits8
Circl
Circl
added 2023/02/17 4:0 a.m.40 views

CVE-2022-39952

creationtimestamp| type| source ---|---|--- 2023-02-17 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=974 2023-02-19 08:36:16+00:00| seen| Telegram/xsTtApY3O8LYaQlwSLnV7xep0iYsFMDc8zjy5nUPKpyG 2023-02-20 07:21:35+00:00| published-proof-of-concept| https://t.me/ctinow/9442...

9.8CVSS7.1AI score0.99815EPSS
In wildExploits7References42
Cvelist
Cvelist
added 2023/02/16 6:6 p.m.59 views

CVE-2022-39952

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via...

9.8CVSS9.9AI score0.99815EPSS
Exploits7References1
CVE
CVE
added 2023/02/16 6:6 p.m.295 views

CVE-2022-39952

Fortinet FortiNAC is affected by CVE-2022-39952 via an external control of the file name or path in the /configWizard/keyUpload.jsp endpoint. A unauthenticated attacker can write arbitrary files, enabling unauthenticated remote code execution (root context) and potential data loss or modification...

9.8CVSS9.7AI score0.99815EPSS
In wildExploits7References1Affected Software1
Rows per page
Query Builder