CVE-2022-39952 - Exposure of Resource to Wrong Sphere vulnerability in Fortinet FortiNAC
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Summary
An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via a specifically crafted HTTP request.
Related news
- Fortinet fixes critical RCE flaws in FortiNAC and FortiWeb (source)
- Fortinet plugs critical security hole in FortiNAC, with a PoC incoming (CVE-2022-39952) (source)
- PoC exploit, IoCs for Fortinet FortiNAC RCE released (CVE-2022-39952) (source)
- Exploit released for critical Fortinet RCE flaws, patch now (source)
- Hackers now exploit critical Fortinet bug to backdoor servers (source)
- Exploit released for critical Fortinet RCE flaw, patch now (source)
- Fortinet fixes critical FortiNAC remote command execution flaw (source)