Details of VAR-202302-1271

ID

VAR-202302-1271

CVE

CVE-2022-39952

TITLE

fortinet's FortiNAC Vulnerability in leaking resources to the wrong area in

Trust: 0.8

sources: JVNDB: JVNDB-2023-004446

DESCRIPTION

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request. fortinet's FortiNAC Exists in a vulnerability related to the leakage of resources to the wrong area.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-39952 // JVNDB: JVNDB-2023-004446 // VULHUB: VHN-435749 // VULMON: CVE-2022-39952

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortinac	scope:	gte	version:	9.2.0	Trust: 1.0
vendor:	fortinet	model:	fortinac	scope:	lt	version:	9.4.1	Trust: 1.0
vendor:	fortinet	model:	fortinac	scope:	gte	version:	9.4.0	Trust: 1.0
vendor:	fortinet	model:	fortinac	scope:	lt	version:	9.2.6	Trust: 1.0
vendor:	fortinet	model:	fortinac	scope:	gte	version:	9.1.0	Trust: 1.0
vendor:	fortinet	model:	fortinac	scope:	lt	version:	9.1.8	Trust: 1.0
vendor:	fortinet	model:	fortinac	scope:	lte	version:	8.8.9	Trust: 1.0
vendor:	fortinet	model:	fortinac	scope:	gte	version:	8.3.7	Trust: 1.0
vendor:	フォーティネット	model:	fortinac	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortinac	scope:	eq	version:	9.4.0 that's all 9.4.1	Trust: 0.8
vendor:	フォーティネット	model:	fortinac	scope:	eq	version:	8.3.7 to 8.8.9	Trust: 0.8
vendor:	フォーティネット	model:	fortinac	scope:	eq	version:	9.1.0 that's all 9.1.8	Trust: 0.8
vendor:	フォーティネット	model:	fortinac	scope:	eq	version:	9.2.0 that's all 9.2.6	Trust: 0.8

sources: JVNDB: JVNDB-2023-004446 // NVD: CVE-2022-39952

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-39952
value:	CRITICAL
Trust: 1.0
psirt@fortinet.com:	CVE-2022-39952
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-39952
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202302-1434
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2022-39952
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2022-39952
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-004446 // CNNVD: CNNVD-202302-1434 // NVD: CVE-2022-39952 // NVD: CVE-2022-39952

PROBLEMTYPE DATA

problemtype:	CWE-73	Trust: 1.0
problemtype:	CWE-668	Trust: 1.0
problemtype:	Leakage of resources to the wrong area (CWE-668) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-610	Trust: 0.1

sources: VULHUB: VHN-435749 // JVNDB: JVNDB-2023-004446 // NVD: CVE-2022-39952

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1434

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-1434

PATCH

title:	FG-IR-22-300	url:	https://fortiguard.com/psirt/FG-IR-22-300	Trust: 0.8
title:	Fortinet FortiNAC Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=226804	Trust: 0.6
title:	-	url:	https://github.com/Florian-R0th/CVE-2022-39952	Trust: 0.1

sources: VULMON: CVE-2022-39952 // JVNDB: JVNDB-2023-004446 // CNNVD: CNNVD-202302-1434

EXTERNAL IDS

db:	NVD	id:	CVE-2022-39952	Trust: 3.4
db:	JVNDB	id:	JVNDB-2023-004446	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-1434	Trust: 0.6
db:	VULHUB	id:	VHN-435749	Trust: 0.1
db:	VULMON	id:	CVE-2022-39952	Trust: 0.1

sources: VULHUB: VHN-435749 // VULMON: CVE-2022-39952 // JVNDB: JVNDB-2023-004446 // CNNVD: CNNVD-202302-1434 // NVD: CVE-2022-39952

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-22-300	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-39952	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-39952/	Trust: 0.6
url:	https://github.com/florian-r0th/cve-2022-39952	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-435749 // VULMON: CVE-2022-39952 // JVNDB: JVNDB-2023-004446 // CNNVD: CNNVD-202302-1434 // NVD: CVE-2022-39952

SOURCES

db:	VULHUB	id:	VHN-435749
db:	VULMON	id:	CVE-2022-39952
db:	JVNDB	id:	JVNDB-2023-004446
db:	CNNVD	id:	CNNVD-202302-1434
db:	NVD	id:	CVE-2022-39952

LAST UPDATE DATE

2024-08-14T14:10:18.628000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-435749	date:	2023-02-24T00:00:00
db:	VULMON	id:	CVE-2022-39952	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2023-004446	date:	2023-10-30T06:18:00
db:	CNNVD	id:	CNNVD-202302-1434	date:	2023-02-27T00:00:00
db:	NVD	id:	CVE-2022-39952	date:	2023-11-07T03:50:41.250

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-435749	date:	2023-02-16T00:00:00
db:	VULMON	id:	CVE-2022-39952	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2023-004446	date:	2023-10-30T00:00:00
db:	CNNVD	id:	CNNVD-202302-1434	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2022-39952	date:	2023-02-16T19:15:13.060