Unauthenticated Code Execution Vulnerability in Fortinet FortiNAC

Unauthenticated Code Execution Vulnerability in Fortinet FortiNAC

CVE-2022-39952 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.

Learn more about our Cis Benchmark Audit For Fortinet.