CVE-2022-39952

Summary

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiNAC9.4.0affected
FortinetFortiNAC9.2.0 <= 9.2.5affected
FortinetFortiNAC9.1.0 <= 9.1.7affected
FortinetFortiNAC8.8.0 <= 8.8.11affected
FortinetFortiNAC8.7.0 <= 8.7.6affected
FortinetFortiNAC8.6.0 <= 8.6.5affected
FortinetFortiNAC8.5.0 <= 8.5.4affected
FortinetFortiNAC8.3.7affected

Weaknesses

  • CWE-73: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References