1. CVE-Search
  2. CVE-2022-39952
ID CVE-2022-39952
Summary A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.
References
Vulnerable Configurations
  • cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:9.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:9.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:9.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:9.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:9.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:9.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:9.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:9.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:9.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:9.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:9.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:9.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:9.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:9.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:9.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:9.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:9.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:9.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:9.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:9.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:9.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:9.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:9.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:9.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:9.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:9.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:9.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:9.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:9.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.8.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.8.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.8.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.8.8:*:*:*:*:*:*:*
  • cpe:2.3:a:fortinet:fortinac:8.8.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortinac:8.8.9:*:*:*:*:*:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE CWE-668
CAPEC
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
Last major update 08-08-2023 - 14:21
Published 16-02-2023 - 19:15
Last modified 08-08-2023 - 14:21
Back to Top