CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40683
https://notcve.org/view.php?id=CVE-2022-40683
A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may allows attacker to execute unauthorized code or commands via specially crafted commands • https://fortiguard.com/psirt/FG-IR-22-348 • CWE-415: Double Free •
CVSS: 5.4EPSS: 0%CPEs: 13EXPL: 0CVE-2022-42472
https://notcve.org/view.php?id=CVE-2022-42472
A improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response. • https://fortiguard.com/psirt/FG-IR-22-362 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-40677
https://notcve.org/view.php?id=CVE-2022-40677
A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted input parameters. • https://fortiguard.com/psirt/FG-IR-22-280 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 9.8EPSS: 95%CPEs: 4EXPL: 3CVE-2022-39952 – Fortinet FortiNAC keyUpload.jsp Arbitrary File Write
https://notcve.org/view.php?id=CVE-2022-39952
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request. • https://github.com/horizon3ai/CVE-2022-39952 https://github.com/dkstar11q/CVE-2022-39952-better https://github.com/Chocapikk/CVE-2022-39952 https://fortiguard.com/psirt/FG-IR-22-300 https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs https://www.fortiguard.com/psirt/FG-IR-22-300 https://attackerkb.com/topics/9BvxYuiHYJ/cve-2022-39952 • CWE-73: External Control of File Name or Path CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-40675
https://notcve.org/view.php?id=CVE-2022-40675
Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages. • https://fortiguard.com/psirt/FG-IR-22-312 • CWE-310: Cryptographic Issues •