CVE-2022-39952

Description from NVD

An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via a specifically crafted HTTP request.

Information Acquisition Date: 2023-03-01T14:56Z
CVSS 2.0: 0.0 None
CVSS 3.x: 9.8 CRITICAL
CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD References

 https://fortiguard.com/psirt/FG-IR-22-300
     source:MISC
     tags:Vendor Advisory    

This vulnerability may involve a PoC.



List of frequently cited URLs

URL | Num of Times Referred to
https://cvetrends.com | 51
https://github.com/horizon3ai/CVE-2022-39952 | 32
https://lists.astaro.com/ASGV9-IPS-rules.html#0 | 18
https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-de... | 16
https://securityaffairs.com/142621/hacking/fortinet-fortina... | 15
https://www.reddit.com/r/netsec | 13
https://www.helpnetsecurity.com/2023/02/20/cve-2022-39952/?... | 11
https://www.securityweek.com/fortinet-patches-critical-code... | 8
https://twitter.com/Horizon3Attack/status/1626692778062237713 | 7
https://www.cronup.com/explotacion-masiva-de-fortinet-forti... | 5
https://www.fortiguard.com/psirt/FG-IR-22-300 | 5
https://securityonline.info/fortinet-patches-critical-cve-2... | 5
https://t.me/gobies | 4
http://Horizon3.ai | 4
https://bit.ly/3lMKCdR | 3
https://viz.greynoise.io/tag/fortinac-rce-attempt?days=3 | 3
https://www.recordedfuture.com/cve-2022-39952-fortinet-fort... | 3
https://www.bleepingcomputer.com/news/security/exploit-rele... | 3


GitHub Search Results: Up to 10
Name | URL
horizon3ai/CVE-2022-39952 | https://github.com/horizon3ai/CVE-2022-39952
shiyeshu/CVE-2022-39952_webshell | https://github.com/shiyeshu/CVE-2022-39952_webshell
Chocapikk/CVE-2022-39952 | https://github.com/Chocapikk/CVE-2022-39952
hackingyseguridad/nmap | https://github.com/hackingyseguridad/nmap

2023/03/21 Score : 0
Added Har-sia Database : 2023/02/17
Last Modified : 2023/03/21
Highest Scored Date : 2023/02/22
Highest Score : 111