Page 4 of 22 results (0.005 seconds)

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0

A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted input parameters. • https://fortiguard.com/psirt/FG-IR-22-280 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 9.8EPSS: 95%CPEs: 4EXPL: 3

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request. • https://github.com/horizon3ai/CVE-2022-39952 https://github.com/dkstar11q/CVE-2022-39952-better https://github.com/Chocapikk/CVE-2022-39952 https://fortiguard.com/psirt/FG-IR-22-300 https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs https://www.fortiguard.com/psirt/FG-IR-22-300 https://attackerkb.com/topics/9BvxYuiHYJ/cve-2022-39952 • CWE-73: External Control of File Name or Path CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0

Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages. • https://fortiguard.com/psirt/FG-IR-22-312 • CWE-310: Cryptographic Issues •

CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0

An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents. • https://fortiguard.com/psirt/FG-IR-22-304 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords. • https://fortiguard.com/psirt/FG-IR-22-265 • CWE-522: Insufficiently Protected Credentials •