Exploit for #VU72373 External Control of File Name or Path in FortiNAC

Cybersecurity Help s.r.o.

Published: 2023-02-21 | Updated: 2023-05-07

Vulnerability identifier: #VU72373

Vulnerability risk: Critical

CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2022-39952

CWE-ID: CWE-73

Exploitation vector: Network

Exploits in database: 4

May 7, 2023
- CVE-2022-39952 (PoC for CVE-2022-39952 affecting Fortinet FortiNAC.) [Github]
March 14, 2023
- Fortinet FortiNAC keyUpload.jsp arbitrary file write [Metasploit]
February 22, 2023
- CVE-2022-39952_webshell (Write Behinder_webshell to target using CVE-2022-39952) [Github]
February 21, 2023
- CVE-2022-39952 (POC for CVE-2022-39952) [Github]

Vulnerable software:
FortiNAC
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Fortinet, Inc