CVE-2022-39952

CRITICAL EXPLOITED IN THE WILD NUCLEI

Fortinet FortiNAC keyUpload.jsp arbitrary file write

Title source: metasploit

Description

An external control of file name or path vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, and 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via a specifically crafted HTTP request.

Exploits (6)

nomisec WORKING POC 266 stars
by horizon3ai · remote
https://github.com/horizon3ai/CVE-2022-39952
nomisec WORKING POC 3 stars
by Chocapikk · remote
https://github.com/Chocapikk/CVE-2022-39952
nomisec WORKING POC 2 stars
by shiyeshu · remote
https://github.com/shiyeshu/CVE-2022-39952_webshell
nomisec WORKING POC
by dkstar11q · remote
https://github.com/dkstar11q/CVE-2022-39952-better
gitlab SCANNER
by Randsec · poc
https://gitlab.com/Randsec/cve-2022-39952-honeypot
metasploit WORKING POC EXCELLENT
by Gwendal Guégniaud, Zach Hanley, jheysel-r7 · ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/fortinac_keyupload_file_write.rb

Nuclei Templates (1)

Fortinet FortiNAC - Arbitrary File Write
CRITICAL · VERIFIED · by dwisiswant0
Shodan: title:"FortiNAC" || http.title:"fortinac"
FOFA: title="fortinac"

Scores

CVSS v3 9.8
EPSS 0.9378
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2023-07-05
InTheWild.io 2023-02-23

Classification

CWE
CWE-668 CWE-73
Status published

Affected Products (1)

fortinet/fortinac < 8.8.9

Timeline

Published Feb 16, 2023
Tracked Since Feb 18, 2026