CVE-2022-39952 PoC — Fortinet FortiNAC 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-39952.yaml

Associated Vulnerability

Title:Fortinet FortiNAC 安全漏洞 (CVE-2022-39952)
Description:Fortinet FortiNAC是美国飞塔（Fortinet）公司的一种零信任访问解决方案。 Fortinet FortiNAC存在安全漏洞。攻击者利用该漏洞通过特制的HTTP请求执行未经授权的代码或命令。以下版本受到影响：9.4.0版本、9.2.0版本至9.2.5版本、9.1.0版本至9.1.7版本、8.8.0版本至8.8.11版本、8.7.0版本至8.7.6版本、8.6.0版本至8.6.5版本、8.5.0版本至8.5.4版本、8.3.7版本。

Description

Fortinet FortiNAC is susceptible to arbitrary file write. An external control of the file name or path can allow an attacker to execute unauthorized code or commands via specifically crafted HTTP request, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, and 8.3.7.

File Snapshot


 id: CVE-2022-39952

info:
  name: Fortinet FortiNAC - Arbitrary File Write
  author: dwisiswant0
  s

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!