Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2022-39952
PUBLISHED
- Vendor: Fortinet
- Product: FortiNAC
- Published: Feb 16, 2023
- EPSS: —
Description
An external control of file name or path vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via a specifically crafted HTTP request.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C
SSVC decision points
- Exploitation: none
- Automatable: Yes
- Technical impact: total
References
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| The Shadowserver (via CIRCL) | Apr 23, 2025 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/fortinac_keyupload_file_write.rb | Apr 28, 2025 |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-39952.yaml | Apr 25, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2023-03-27 17:25:17 UTC · 0 stars
PoC for CVE-2022-39952 affecting Fortinet FortiNAC.
github · Created 2023-02-26 18:10:04 UTC · 3 stars
PoC for CVE-2022-39952 affecting Fortinet FortiNAC.
github · Created 2023-02-22 04:57:06 UTC · 2 stars
Write Behinder_webshell to target using CVE-2022-39952
github · Created 2023-02-20 15:12:33 UTC · 267 stars
POC for CVE-2022-39952
Timeline
- CVE ID Reserved
- CVE Published to Public
- Proof of Concept Exploit Available
- Added to KEVIntel
- Detected by Nuclei
- Detected by Metasploit