A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-22-300 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-668 |
24 Feb 2023, 23:46
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-610 | |
CPE | cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:* | |
References | (MISC) https://fortiguard.com/psirt/FG-IR-22-300 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Fortinet
Fortinet fortinac |
16 Feb 2023, 19:39
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-16 19:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-39952
Mitre link : CVE-2022-39952
CVE.ORG link : CVE-2022-39952
JSON object : View
Products Affected
fortinet
- fortinac