⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.
CVE-2022-39952
Severity
9.8 CRITICAL
EPSS
93.8%
top 0.14%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
Published: Feb 16
Latest update: Feb 24
Description
An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via a specifically crafted HTTP request.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages: 2 packages
🔴 Vulnerability Details (3)
💥 Exploits & PoCs (1)
Nuclei: Fortinet FortiNAC - Arbitrary File Write
🔍 Detection Rules (1)
Suricata: ET EXPLOIT Fortinet FortiNAC - Observed POST .zip with Vulnerable Parameter (CVE-2022-39952), 2023-02-21
📋 Vendor Advisories (1)
Fortinet: An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8..., 2023-02-16