CVE-2022-39952

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0...

Basic Information

CVE State: PUBLISHED
Reserved Date: September 05, 2022
Published Date: February 16, 2023
Last Updated: October 23, 2024
Vendor: Fortinet
Product: FortiNAC
Description: A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C

Source	Added Date
The Shadowserver (via CIRCL)	2025-04-23 00:00:00 UTC

Scanner	URL	Date Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/fortinac_keyupload_file_write.rb	2025-04-29 11:01:12 UTC
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-39952.yaml	2025-04-26 00:00:00 UTC

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

Type: metasploit • Created: Unknown

Metasploit module for CVE-2022-39952

Type: github • Created: 2023-03-27 17:25:17 UTC • Stars: 0

PoC for CVE-2022-39952 affecting Fortinet FortiNAC.

Type: github • Created: 2023-02-26 18:10:04 UTC • Stars: 3

PoC for CVE-2022-39952 affecting Fortinet FortiNAC.

Type: github • Created: 2023-02-22 04:57:06 UTC • Stars: 2

Write Behinder_webshell to target using CVE-2022-39952

Type: github • Created: 2023-02-20 15:12:33 UTC • Stars: 267

POC for CVE-2022-39952