Enhancement: cves/2022/CVE-2022-39952.yaml by md
parent
e63b3f67c4
commit
502e6c4dad
|
@ -1,16 +1,17 @@
|
||||||
id: CVE-2022-39952
|
id: CVE-2022-39952
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: FortiNAC Unauthenticated Arbitrary File Write
|
name: Fortinet FortiNAC - Arbitrary File Write
|
||||||
author: dwisiswant0
|
author: dwisiswant0
|
||||||
severity: critical
|
severity: critical
|
||||||
description: |
|
description: |
|
||||||
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.
|
Fortinet FortiNAC is susceptible to arbitrary file write. An external control of the file name or path can allow an attacker to execute unauthorized code or commands via specifically crafted HTTP request, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, and 8.3.7.
|
||||||
reference:
|
reference:
|
||||||
- https://fortiguard.com/psirt/FG-IR-22-300
|
- https://fortiguard.com/psirt/FG-IR-22-300
|
||||||
- https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
|
- https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
|
||||||
- https://github.com/horizon3ai/CVE-2022-39952
|
- https://github.com/horizon3ai/CVE-2022-39952
|
||||||
remediation: Upgrade to FortiNAC version 9.4.1, 9.2.6, 9.2.6, 9.1.8, 7.2.0 or above
|
- https://nvd.nist.gov/vuln/detail/CVE-2022-39952
|
||||||
|
remediation: Upgrade to 9.4.1, 9.2.6, 9.2.6, 9.1.8, 7.2.0 or above.
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
cvss-score: 9.8
|
cvss-score: 9.8
|
||||||
|
@ -54,3 +55,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by md on 2023/03/22
|
||||||
|
|
Loading…
Reference in New Issue