CVE-2022-39952

Description from NVD

An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via a specifically crafted HTTP request.

Information Acquisition Date: 2023-03-01T14:56Z
CVSS 2.0: 0.0 None
CVSS 3.x: 9.8 CRITICAL

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD References

 https://fortiguard.com/psirt/FG-IR-22-300
     source:MISC
     tags:Vendor Advisory    

This vulnerability may involve a PoC.

Software Tag: Apple(1 tweets) BIG-IP(1 tweets) Windows(2 tweets) iOS(1 tweets)



List of frequently cited URLs

URL | Num of Times Referred to
https://cvetrends.com | 49
https://github.com/horizon3ai/CVE-2022-39952 | 29
https://lists.astaro.com/ASGV9-IPS-rules.html#0 | 18
https://www.reddit.com/r/netsec | 15
https://securityaffairs.com/142621/hacking/fortinet-fortina... | 15
https://www.fortiguard.com/psirt/FG-IR-22-300 | 13
https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-de... | 9
https://www.securityweek.com/fortinet-patches-critical-code... | 8
https://www.cronup.com/explotacion-masiva-de-fortinet-forti... | 5
https://securityonline.info/fortinet-patches-critical-cve-2... | 5
https://twitter.com/Horizon3Attack/status/1626692778062237713 | 4
https://www.helpnetsecurity.com/2023/02/20/cve-2022-39952/?... | 4
https://t.me/gobies | 3
https://bit.ly/3lMKCdR | 3
http://Horizon3.ai | 3
https://viz.greynoise.io/tag/fortinac-rce-attempt?days=3 | 3
https://www.recordedfuture.com/cve-2022-39952-fortinet-fort... | 3
https://www.bleepingcomputer.com/news/security/exploit-rele... | 3


GitHub Search Results: Up to 10
Name | URL
horizon3ai/CVE-2022-39952 | https://github.com/horizon3ai/CVE-2022-39952
shiyeshu/CVE-2022-39952_webshell | https://github.com/shiyeshu/CVE-2022-39952_webshell
Chocapikk/CVE-2022-39952 | https://github.com/Chocapikk/CVE-2022-39952
hackingyseguridad/nmap | https://github.com/hackingyseguridad/nmap

2023/04/10 Score : 0
Added Har-sia Database : 2023/02/17
Last Modified : 2023/04/10
Highest Scored Date : 2023/02/22
Highest Score : 111