Enhancement: cves/2022/CVE-2022-39952.yaml by md

cves/2022/CVE-2022-39952.yaml

@@ -1,16 +1,17 @@
 id: CVE-2022-39952
 
 info:
-  name: FortiNAC Unauthenticated Arbitrary File Write
+  name: Fortinet FortiNAC - Arbitrary File Write
   author: dwisiswant0
   severity: critical
   description: |
-    A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.
+    Fortinet FortiNAC is susceptible to arbitrary file write. An external control of the file name or path can allow an attacker to execute unauthorized code or commands via specifically crafted HTTP request, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, and 8.3.7.
   reference:
     - https://fortiguard.com/psirt/FG-IR-22-300
     - https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
     - https://github.com/horizon3ai/CVE-2022-39952
-  remediation: Upgrade to FortiNAC version 9.4.1, 9.2.6, 9.2.6, 9.1.8, 7.2.0 or above
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-39952
+  remediation: Upgrade to 9.4.1, 9.2.6, 9.2.6, 9.1.8, 7.2.0 or above.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -54,3 +55,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/03/22