Fortinet FortiNAC CVE-2022-39952
Description
On Thursday, 16 February 2023, Fortinet released a PSIRT that details CVE-2022-39952, a critical vulnerability affecting its FortiNAC product (Horizon3.ai).
- Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
- Datamodel: Web
- Last Updated: 2023-02-21
- Author: Michael Haag, Splunk
- ID: 2833a527-3b7f-41af-a950-39f7bbaff819
Narrative
This vulnerability, discovered by Gwendal Guegniaud of Fortinet, allows an unauthenticated attacker to write arbitrary files on the system and as a result obtain remote code execution in the context of the root user (Horizon3.ai). Impacting FortiNAC, is tracked as CVE-2022-39952 and has a CVSS v3 score of 9.8 (critical). FortiNAC is a network access control solution that helps organizations gain real time network visibility, enforce security policies, and detect and mitigate threats. An external control of file name or path vulnerability CWE-73 in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system, reads the security advisory.
Detections
Name | Technique | Type |
---|---|---|
Exploit Public-Facing Fortinet FortiNAC CVE-2022-39952 | Exploit Public-Facing Application, External Remote Services | TTP |
Reference
- https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
- https://viz.greynoise.io/tag/fortinac-rce-attempt?days=30
- https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-rce-flaws-in-fortinac-and-fortiweb/
source | version: 1