Try in Splunk Security Cloud

Description

On Thursday, 16 February 2023, Fortinet released a PSIRT that details CVE-2022-39952, a critical vulnerability affecting its FortiNAC product (Horizon3.ai).

  • Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
  • Datamodel: Web
  • Last Updated: 2023-02-21
  • Author: Michael Haag, Splunk
  • ID: 2833a527-3b7f-41af-a950-39f7bbaff819

Narrative

This vulnerability, discovered by Gwendal Guegniaud of Fortinet, allows an unauthenticated attacker to write arbitrary files on the system and as a result obtain remote code execution in the context of the root user (Horizon3.ai). Impacting FortiNAC, is tracked as CVE-2022-39952 and has a CVSS v3 score of 9.8 (critical). FortiNAC is a network access control solution that helps organizations gain real time network visibility, enforce security policies, and detect and mitigate threats. An external control of file name or path vulnerability CWE-73 in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system, reads the security advisory.

Detections

Name Technique Type
Exploit Public-Facing Fortinet FortiNAC CVE-2022-39952 Exploit Public-Facing Application, External Remote Services TTP

Reference

source | version: 1