Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2022-39952

Published: 16/02/2023 Updated: 07/11/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Fortinet

Vulnerability Summary

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 up to and including 9.2.5, 9.1.0 up to and including 9.1.7, 8.8.0 up to and including 8.8.11, 8.7.0 up to and including 8.7.6, 8.6.0 up to and including 8.6.5, 8.5.0 up to and including 8.5.4, 8.3.7 may allow an unauthenticated malicious user to execute unauthorized code or commands via specifically crafted HTTP request.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

fortinet fortinac

Exploits

Exploit DB: Fortinet FortiNAC keyUpload.jsp Arbitrary File Write
This Metasploit module uploads a payload to the /tmp directory in addition to a cron job to /etc/crond which executes the payload in the context of the root user The core vulnerability is an arbitrary file write issue in /configWizard/keyUploadjsp which is accessible remotely and without authentication When you send the vulnerable endpoint a ZI ...

Github Repositories

https://github.com/horizon3ai/CVE-2022-39952

POC for CVE-2022-39952

CVE-2022-39952 POC for CVE-2022-39952 affecting Fortinet FortiNAC The default configuration of this exploit writes a cron job to create a reverse shell Be sure to change the payload file to suite your environment Technical Analysis A technical root cause analysis of the vulnerability and indicators of compromise can be found on our blog: wwwhorizon3ai/fortinet-forti

https://github.com/Chocapikk/CVE-2022-39952

PoC for CVE-2022-39952 affecting Fortinet FortiNAC.

FortiNAC CVE-2022-39952 PoC for CVE-2022-39952 affecting Fortinet FortiNAC This exploit allows an attacker to execute arbitrary commands on the FortiNAC server It is based on the PoC developed by horizon3ai, with additional options for targeting multiple hosts Disclaimer: This exploit is for educational purposes only Please use responsibly and with permission Usage: us

https://github.com/shiyeshu/CVE-2022-39952_webshell

Write Behinder_webshell to target using CVE-2022-39952

Write Behinder_webshell to target using CVE-2022-39952 File Address: xxxxxxxx:8443/shelljsp password:rebeyond Version used: Behinder_v30 Script improvement from: githubcom/horizon3ai/CVE-2022-39952

https://github.com/kannkyo/epss-api

EPSS(Exploit Prediction Scoring System) API client

EPSS API Client EPSS(Exploit Prediction Scoring System) API client EPSS is the one of famous vulnerability score developed by FIRST (the Forum of Incident Response and Security Teams) EPSS's definition: The Exploit Prediction Scoring System (EPSS) is an open, data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exp

References

CWE-668https://fortiguard.com/psirt/FG-IR-22-300https://nvd.nist.govhttps://packetstormsecurity.com/files/171351/Fortinet-FortiNAC-keyUpload.jsp-Arbitrary-File-Write.htmlhttps://github.com/horizon3ai/CVE-2022-39952
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook