CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-40677
https://notcve.org/view.php?id=CVE-2022-40677
A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted input parameters. • https://fortiguard.com/psirt/FG-IR-22-280 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 9.8EPSS: 95%CPEs: 4EXPL: 3CVE-2022-39952 – Fortinet FortiNAC keyUpload.jsp Arbitrary File Write
https://notcve.org/view.php?id=CVE-2022-39952
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request. • https://github.com/horizon3ai/CVE-2022-39952 https://github.com/dkstar11q/CVE-2022-39952-better https://github.com/Chocapikk/CVE-2022-39952 https://fortiguard.com/psirt/FG-IR-22-300 https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs https://www.fortiguard.com/psirt/FG-IR-22-300 https://attackerkb.com/topics/9BvxYuiHYJ/cve-2022-39952 • CWE-73: External Control of File Name or Path CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-40675
https://notcve.org/view.php?id=CVE-2022-40675
Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages. • https://fortiguard.com/psirt/FG-IR-22-312 • CWE-310: Cryptographic Issues •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39954
https://notcve.org/view.php?id=CVE-2022-39954
An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents. • https://fortiguard.com/psirt/FG-IR-22-304 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-40678
https://notcve.org/view.php?id=CVE-2022-40678
An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords. • https://fortiguard.com/psirt/FG-IR-22-265 • CWE-522: Insufficiently Protected Credentials •