Enhancement: cves/2022/CVE-2022-39952.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-03-22 13:21:55 -04:00
parent e63b3f67c4
commit 502e6c4dad
1 changed files with 6 additions and 3 deletions


@ -1,16 +1,17 @@
id: CVE-2022-39952 id: CVE-2022-39952
info: info:
name: FortiNAC Unauthenticated Arbitrary File Write name: Fortinet FortiNAC - Arbitrary File Write
author: dwisiswant0 author: dwisiswant0
severity: critical severity: critical
description: | description: |
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request. Fortinet FortiNAC is susceptible to arbitrary file write. An external control of the file name or path can allow an attacker to execute unauthorized code or commands via specifically crafted HTTP request, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, and 8.3.7.
reference: reference:
- https://fortiguard.com/psirt/FG-IR-22-300 - https://fortiguard.com/psirt/FG-IR-22-300
- https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/ - https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
- https://github.com/horizon3ai/CVE-2022-39952 - https://github.com/horizon3ai/CVE-2022-39952
remediation: Upgrade to FortiNAC version 9.4.1, 9.2.6, 9.2.6, 9.1.8, 7.2.0 or above - https://nvd.nist.gov/vuln/detail/CVE-2022-39952
remediation: Upgrade to 9.4.1, 9.2.6, 9.2.6, 9.1.8, 7.2.0 or above.
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8 cvss-score: 9.8
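Review bot: the rewritten remediation line still lists 9.2.6 twice ("9.4.1, 9.2.6, 9.2.6, 9.1.8, 7.2.0 or above"); the duplicate is carried over from the old text and should be dropped while this line is being touched. In the same info block, the new name and description no longer say "unauthenticated", although cvss-metrics still carries PR:N; keeping that word in the description would keep the text consistent with the classification. The phrase "via specifically crafted HTTP request" would also read better as "via a specially crafted HTTP request".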
@ -54,3 +55,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/03/22
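Review bot: the trailing comment "# Enhanced by md on 2023/03/22" after the status matcher repeats what the commit already records (who made the change and when) and will go stale on the next edit. Suggest dropping it from the template, or at least moving it away from the matchers so it is not read as annotating the 200 status check.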