Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-39952

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.

Published

2023-02-16T19:15:13.060

Last Modified

2024-11-21T07:18:33.040

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-73
Type: Primary
CWE-668

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	fortinac	≤ 8.8.9	Yes
Application	fortinet	fortinac	< 9.1.8	Yes
Application	fortinet	fortinac	< 9.2.6	Yes
Application	fortinet	fortinac	< 9.4.1	Yes

References

https://fortiguard.com/psirt/FG-IR-22-300 Vendor Advisory ([email protected])
https://fortiguard.com/psirt/FG-IR-22-300 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)