CVE-2022-39952
16.02.2023, 19:15
An external control of file name or path vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via a specifically crafted HTTP request.
Vendor | Product | Version |
---|---|---|
fortinet | fortinac | 8.3.7 ≤ 𝑥 ≤ 8.8.9 |
fortinet | fortinac | 9.1.0 ≤ 𝑥 < 9.1.8 |
fortinet | fortinac | 9.2.0 ≤ 𝑥 < 9.2.6 |
fortinet | fortinac | 9.4.0 ≤ 𝑥 < 9.4.1 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-73 - External Control of File Name or Path: The software allows user input to control or influence paths or file names that are used in filesystem operations.
- CWE-668 - Exposure of Resource to Wrong Sphere: The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.