A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.
Attack Vector (AV) | Network | Adjacent | Local | Physical |
---|---|---|---|---|
Attack Complexity (AC) | LOW | High | ||
Privileges Required (PR) | None | Low | High | |
User Interaction (UI) | None | Required | ||
Scope (S) | Unchange | Change | ||
Confidentiality (C) | None | Low | High | |
Integrity (I) | None | Low | High | |
Availability (A) | None | Low | High |
CVE Infomation | Exploits or more Infomation |
---|---|
mitre | EXPLOIT DATABASE |
NVD | 0day.today |
vulmon.com | github |
CVE Details | |
JVN ENG JPN | |
Reconshell |
Software Tag: Apple(1 tweets) BIG-IP(1 tweets) Windows(2 tweets) iOS(1 tweets)
List of frequently cited URLs
List of frequently cited URLs
URL | Num of Times Referred to |
---|---|
cvetrends.com | 49 |
github.com | 29 |
lists.astaro.com | 18 |
www.reddit.com | 15 |
securityaffairs.com | 15 |
www.fortiguard.com | 13 |
www.horizon3.ai | 9 |
www.securityweek.com | 8 |
www.cronup.com | 5 |
securityonline.info | 5 |
twitter.com | 4 |
www.helpnetsecurity.com | 4 |
t.me | 3 |
bit.ly | 3 |
Horizon3.ai | 3 |
viz.greynoise.io | 3 |
www.recordedfuture.com | 3 |
www.bleepingcomputer.com | 3 |
Name | URL |
---|---|
horizon3ai/CVE-2022-39952 | https://github.com/horizon3ai/CVE-2022-39952 |
shiyeshu/CVE-2022-39952_webshell | https://github.com/shiyeshu/CVE-2022-39952_webshell |
Chocapikk/CVE-2022-39952 | https://github.com/Chocapikk/CVE-2022-39952 |
hackingyseguridad/nmap | https://github.com/hackingyseguridad/nmap |
Name | URL |
---|---|
horizon3ai/CVE-2022-39952 | github.com |
shiyeshu/CVE-2022-39952_webshell | github.com |
Chocapikk/CVE-2022-39952 | github.com |
hackingyseguridad/nmap | github.com |