{"vulnerability": "cve-2022-3995", "sightings": [{"uuid": "9349b4a9-038a-49f6-bc03-287a6574769e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-08-17)", "content": "", "creation_timestamp": "2025-08-17T00:00:00.000000Z"}, {"uuid": "73746765-f21b-40b8-91f4-c5fd345ab777", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-11-09)", "content": "", "creation_timestamp": "2025-11-09T00:00:00.000000Z"}, {"uuid": "39525a82-0869-4bcc-9df0-2a273b3694e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/fortinac_keyupload_file_write.rb", "content": "", "creation_timestamp": "2023-03-14T16:24:18.000000Z"}, {"uuid": "1a60f37a-5aa2-4f77-9150-0ef0d8716454", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:12:46.000000Z"}, {"uuid": "3913f2fd-f999-4d7e-9e94-8c84c48be5e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-18)", "content": "", "creation_timestamp": "2025-12-18T00:00:00.000000Z"}, {"uuid": "9e94def4-591c-467e-888f-37bccc8bc055", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-18)", "content": "", "creation_timestamp": "2025-12-18T00:00:00.000000Z"}, {"uuid": "c55f2fa8-7955-4a1d-8d2c-00d21544f60a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-06)", "content": "", "creation_timestamp": "2026-01-06T00:00:00.000000Z"}, {"uuid": "5bb8758a-940e-4ebf-be08-c54eedc3ff04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-06)", "content": "", "creation_timestamp": "2026-01-06T00:00:00.000000Z"}, {"uuid": "086fb958-0827-4451-bfe0-7036976f34e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-18)", "content": "", "creation_timestamp": "2026-01-18T00:00:00.000000Z"}, {"uuid": "92e1f8f6-a90c-4c65-b993-3ee3c6998d0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-19)", "content": "", "creation_timestamp": "2026-01-19T00:00:00.000000Z"}, {"uuid": "703b7b14-108f-43fb-ab6f-2b57cc570857", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-22)", "content": "", "creation_timestamp": "2026-01-22T00:00:00.000000Z"}, {"uuid": "0059e990-3633-48fe-ae05-3b6ac389647c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=974", "content": "", "creation_timestamp": "2023-02-17T04:00:00.000000Z"}, {"uuid": "2c50c576-05b3-410e-8cb1-6ad7eee34357", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-05)", "content": "", "creation_timestamp": "2026-03-05T00:00:00.000000Z"}, {"uuid": "91ecc20c-7a70-4fb7-b683-169d31a1fca8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-13)", "content": "", "creation_timestamp": "2026-04-13T00:00:00.000000Z"}, {"uuid": "fb11d0eb-7b79-4a4d-8ead-8d5233caca3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "Telegram/xsTtApY3O8LYaQlwSLnV7xep0iYsFMDc8zjy5nUPKpyG", "content": "", "creation_timestamp": "2023-02-19T08:36:16.000000Z"}, {"uuid": "220114d4-87d6-4be9-aae6-db6cce560cdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3995", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2825", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3995\n\ud83d\udd39 Description: The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action.  This makes it possible for authenticated attackers, with subscriber-level permissions and above, to lock/unlock other users wallets.\n\ud83d\udccf Published: 2022-11-29T20:43:15.611Z\n\ud83d\udccf Modified: 2025-01-23T20:49:07.448Z\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/changeset/2817824/woo-wallet/trunk?contextall=1&old=2816610&old_path=%2Fwoo-wallet%2Ftrunk\n2. https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3995", "creation_timestamp": "2025-01-23T21:03:30.000000Z"}, {"uuid": "4805a2db-88df-48a9-ae8e-8d7c9c0a2f11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "https://t.me/poxek/2744", "content": "Fortinet FortiNAC Unauthenticated RCE\n\n\u0412 \u0447\u0435\u0442\u0432\u0435\u0440\u0433, 16 \u0444\u0435\u0432\u0440\u0430\u043b\u044f 2023 \u0433\u043e\u0434\u0430, \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Fortinet \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 PSIRT, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u043e\u043f\u0438\u0441\u0430\u043d\u0430 CVE-2022-39952, \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0430\u044f \u0435\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442 FortiNAC. \u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u0430\u044f Gwendal Gu\u00e9gniaud \u0438\u0437 Fortinet, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0437\u0430\u043f\u0438\u0441\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438 \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c RCE \u043e\u0442 root'\u0430.\n\n#fortinet #CVE #POC", "creation_timestamp": "2023-02-27T12:09:10.000000Z"}, {"uuid": "ff6fe72f-05b6-428f-a9f0-12d551d004ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "Telegram/1a7NWt8bN1GelvhRSHqvS3B7-bq6UO2i8jRKwkER1HNo85Q", "content": "", "creation_timestamp": "2023-03-31T11:34:35.000000Z"}, {"uuid": "ddf0a8a0-3388-4606-9b10-2981a85d7c67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "https://t.me/ctinow/95289", "content": "Fortinet FortiNAC CVE-2022-39952 flaw exploited in the wild hours after the release of PoC exploit\n\nhttps://ift.tt/mrcOhHY", "creation_timestamp": "2023-02-23T21:06:24.000000Z"}, {"uuid": "eebe46e6-9048-4811-abe1-7db5d7f81fd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "https://t.me/ctinow/94711", "content": "PoC exploit, IoCs for Fortinet FortiNAC RCE released (CVE-2022-39952)\n\nhttps://ift.tt/V8F04Tk", "creation_timestamp": "2023-02-21T16:41:07.000000Z"}, {"uuid": "d8d25c78-e57d-4588-b85e-12bb25f29f96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/94673", "content": "Fortinet FortiNAC CVE-2022-39952 Deep-Dive and IOCs\n\nhttps://ift.tt/Sq9uzft", "creation_timestamp": "2023-02-21T15:01:50.000000Z"}, {"uuid": "fb343e6f-b768-45c3-a534-49de702623c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/94426", "content": "Fortinet plugs critical security hole in FortiNAC, with a PoC incoming (CVE-2022-39952)\n\nhttps://ift.tt/Gvx0Y8y", "creation_timestamp": "2023-02-20T07:21:35.000000Z"}, {"uuid": "2db002ab-994e-4c0e-8b82-03d674de5e2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "Telegram/JStzExkQ5L9j-72iOnxfyDBcSxtmM8LMXHCAWu85VT4HSKs", "content": "", "creation_timestamp": "2023-02-21T18:42:03.000000Z"}, {"uuid": "732fcf8e-084a-490f-a733-e8f1d57d25ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "Telegram/JdLIVKVqF7N3r4MZogZKYSzXDVHH1BlYMt5IJB5974PanGQ", "content": "", "creation_timestamp": "2023-02-21T16:18:39.000000Z"}, {"uuid": "84730254-8ed1-471e-8ebc-6eab44f2f623", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/1736", "content": "Fortinet FortiNAC Unauthenticated RCE\n\nPoC:\nhttps://github.com/horizon3ai/CVE-2022-39952\n\nResearch: \nhttps://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/\n\n#fortinet #fortinac #rce #cve", "creation_timestamp": "2023-03-01T07:14:48.000000Z"}, {"uuid": "c45cd9f7-52e5-4b93-888d-23c7633dbc93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "Telegram/WZPr1OwRePqVHQ5e_YvPZlA3Nw9YwdG_MVzdeLoxetPvIvg", "content": "", "creation_timestamp": "2023-04-13T06:33:05.000000Z"}, {"uuid": "1dff2c4c-3f41-49aa-8938-ff7be155d5c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "https://t.me/true_secator/4087", "content": "Fortinet \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f\u00a0\u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f 40 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439\u00a0\u0432 \u0441\u0432\u043e\u0435\u0439 \u043b\u0438\u043d\u0435\u0439\u043a\u0435 \u041f\u041e, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 FortiWeb, FortiOS, FortiNAC \u0438 FortiProxy.\n\n\u0414\u0432\u0430 \u0438\u0437 40 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u043e\u0446\u0435\u043d\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043a\u0430\u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435, 15 \u2014 \u043a\u0430\u043a \u0432\u044b\u0441\u043e\u043a\u0438\u0435, 22 \u2014 \u043a\u0430\u043a \u0441\u0440\u0435\u0434\u043d\u0438\u0435 \u0438 \u043e\u0434\u0438\u043d \u2014 \u043a\u0430\u043a \u043d\u0438\u0437\u043a\u0438\u0439.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f RCE-\u043e\u0448\u0438\u0431\u043a\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0440\u0435\u0448\u0435\u043d\u0438\u0438 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0441\u0435\u0442\u0438 FortiNAC (CVE-2022-39952) \u0438 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS: 9,8.\n\n\u041f\u0435\u0440\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0432\u043b\u0438\u044f\u044e\u0449\u0430\u044f \u043d\u0430 FortiNAC (\u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 9.4.0, \u0441 9.2.0 \u043f\u043e 9.2.5, \u0441 9.1.0 \u043f\u043e 9.1.7, 8.8, 8.7, 8.6, 8.5 \u0438 8.3), \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2022-39952\u00a0\u0438 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS v3 9,8 (\u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f).\n\nFortiNAC \u2014 \u044d\u0442\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0441\u0435\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043f\u043e\u043c\u043e\u0433\u0430\u0435\u0442 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u043c \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u0441\u0435\u0442\u0438 \u0432 \u0440\u0435\u0436\u0438\u043c\u0435 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438, \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0442\u044c \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432\u0430\u0442\u044c \u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0442\u044c \u0443\u0433\u0440\u043e\u0437\u044b.\n\n\u0412\u043d\u0435\u0448\u043d\u0438\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0438\u043c\u0435\u043d\u0435\u043c \u0444\u0430\u0439\u043b\u0430 \u0438\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e \u043f\u0443\u0442\u0438 [CWE-73] \u043d\u0430 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0435 FortiNAC \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u0443\u044e \u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435. \u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u044b\u043b\u0438 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b \u0434\u043b\u044f \u0432\u0435\u0440\u0441\u0438\u0439 FortiNAC 7.2.0, 9.1.8, 9.1.8 \u0438 9.1.8.\n\n\u0412\u0442\u043e\u0440\u044b\u043c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u043c \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u043c \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0441\u0442\u0435\u043a\u0430 \u0432 \u043f\u0440\u043e\u043a\u0441\u0438-\u0434\u0435\u043c\u043e\u043d\u0435 FortiWeb (CVE-2021-42756 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS: 9,3), \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432.\n\n\u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e, \u0447\u0442\u043e CVE, \u043f\u043e-\u0432\u0438\u0434\u0438\u043c\u043e\u043c\u0443, \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0435\u0449\u0435 \u0432 2021 \u0433\u043e\u0434\u0443, \u043d\u043e \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440 \u043d\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u043b\u0430\u0441\u044c. CVE-2021-42756 \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u044b\u0435 \u043d\u0438\u0436\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 FortiWeb (5.x, 6.0.7, 6.1.2, 6.2.6, 6.3.16 \u0438 6.4), \u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 FortiWeb 6.0.8, 6.1.3, 6.2.7, 6.3.17 \u0438 7.0.0.\n\n\u041f\u043e \u0441\u043b\u043e\u0432\u0430\u043c Fortinet, \u043e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u0430\u043c\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438.\n\nHorizon3 \u0437\u0430\u044f\u0432\u0438\u043b\u0430, \u0447\u0442\u043e \u043f\u043b\u0430\u043d\u0438\u0440\u0443\u0435\u0442 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c PoC \u0434\u043b\u044f \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0431\u043b\u0438\u0436\u0430\u0439\u0448\u0435\u0435 \u0432\u0440\u0435\u043c\u044f, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043a\u0440\u0430\u0439\u043d\u0435 \u0432\u0430\u0436\u043d\u043e, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0431\u044b\u0441\u0442\u0440\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f.", "creation_timestamp": "2023-02-20T09:47:48.000000Z"}, {"uuid": "17a5cb0b-0c9f-43c6-acd2-63ba9d3fbb1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/4101", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Horizon3 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 PoC \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 (CVE-2022-39952) \u0432 \u043f\u0430\u043a\u0435\u0442\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0441\u0435\u0442\u0438 FortiNAC \u043e\u0442 Fortinet.\n\nFortinet \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 \u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435 16 \u0444\u0435\u0432\u0440\u0430\u043b\u044f\u00a0\u0438 \u043e\u0446\u0435\u043d\u0438\u043b\u0430 \u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u044c \u0432 9,8 \u0431\u0430\u043b\u043b\u043e\u0432. \u041f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0438\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0435\u0433\u043e \u0434\u043b\u044f \u0437\u0430\u043f\u0438\u0441\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438 RCE \u0441 \u043d\u0430\u0438\u0432\u044b\u0441\u0448\u0438\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438.\n\n\u041e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u043c, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u043c FortiNAC 9.4.0, \u0441 9.2.0 \u043f\u043e 9.2.5, \u0441 9.1.0 \u043f\u043e 9.1.7, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u0432\u0435\u0442\u043e\u043a 8.8, 8.7, 8.6, 8.5 \u0438 8.3, \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0434\u0435\u043b\u044f\u0442\u044c \u043f\u0440\u0438\u043e\u0440\u0438\u0442\u0435\u0442\u043d\u043e\u0435 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u044e \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u041f\u043e\u043c\u0438\u043c\u043e \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u043a\u043e\u0434\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 (\u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0432 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438 \u043d\u0430 GitHub) \u0440\u0435\u0441\u0441\u0435\u0440\u0447\u0435\u0440\u044b Horizon3 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u043e\u0432 \u0435\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\nPoC \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442 \u0432 \u0441\u0435\u0431\u044f \u0437\u0430\u043f\u0438\u0441\u044c \u0437\u0430\u0434\u0430\u043d\u0438\u044f cron \u0432 /etc/cron.d/, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u0441\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0435\u0442 \u043a\u0430\u0436\u0434\u0443\u044e \u043c\u0438\u043d\u0443\u0442\u0443, \u0447\u0442\u043e\u0431\u044b \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0440\u0435\u0432\u0435\u0440\u0441\u0438\u0432\u043d\u0443\u044e \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0443 root \u0434\u043b\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430, \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044f \u0435\u043c\u0443 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c RCE.\n\n\u0410\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438, \u0447\u0442\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f CVE-2022-39952 \u0443\u0434\u0430\u043b\u0438\u043b\u043e \u00abkeyUpload.jsp\u00bb, \u043a\u043e\u043d\u0435\u0447\u043d\u0443\u044e \u0442\u043e\u0447\u043a\u0443, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u0435\u0442 \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043d\u0430 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 \u00abkey\u00bb, \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442 \u0435\u0433\u043e \u0432 \u0444\u0430\u0439\u043b \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438, \u0430 \u0437\u0430\u0442\u0435\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0439 bash \u00abconfigApplianceXml\u00bb.\n\n\u0421\u0446\u0435\u043d\u0430\u0440\u0438\u0439 bash \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u043a\u043e\u043c\u0430\u043d\u0434\u0443 \u00ab\u0440\u0430\u0441\u043f\u0430\u043a\u043e\u0432\u0430\u0442\u044c\u00bb \u0434\u043b\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u0447\u0442\u043e \u0437\u0430\u043f\u0438\u0441\u0430\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430, \u043d\u043e \u043d\u0435\u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u043f\u0435\u0440\u0435\u0434 \u044d\u0442\u0438\u043c \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0439 \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442 \u00abcd /\u00bb. \u0420\u0430\u0441\u043f\u0430\u043a\u043e\u0432\u043a\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442 \u0440\u0430\u0437\u043c\u0435\u0449\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u044b \u043f\u043e \u043b\u044e\u0431\u044b\u043c \u043f\u0443\u0442\u044f\u043c, \u0435\u0441\u043b\u0438 \u043e\u043d\u0438 \u043d\u0435 \u0432\u044b\u0445\u043e\u0434\u044f\u0442 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0442\u0435\u043a\u0443\u0449\u0435\u0433\u043e \u0440\u0430\u0431\u043e\u0447\u0435\u0433\u043e \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0441\u043e\u0437\u0434\u0430\u0442\u044c ZIP-\u0430\u0440\u0445\u0438\u0432, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0439 \u043f\u043e\u043b\u0435\u0437\u043d\u0443\u044e \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0443, \u0443\u043a\u0430\u0437\u0430\u0432, \u043a\u0443\u0434\u0430 \u0435\u0435 \u043d\u0443\u0436\u043d\u043e \u0438\u0437\u0432\u043b\u0435\u0447\u044c, \u0430 \u0437\u0430\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0435\u0433\u043e \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u0443\u044e \u043a\u043e\u043d\u0435\u0447\u043d\u0443\u044e \u0442\u043e\u0447\u043a\u0443, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043a\u043b\u044e\u0447\u0435\u0432\u043e\u0439 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440.\n\n\u041f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 \u00abkey\u00bb \u0433\u0430\u0440\u0430\u043d\u0442\u0438\u0440\u0443\u0435\u0442, \u0447\u0442\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0437\u0430\u043f\u0440\u043e\u0441 \u0434\u043e\u0441\u0442\u0438\u0433\u043d\u0435\u0442 \u00abkeyUpload.jsp\u00bb, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u043e\u0439 \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u0443\u044e Fortinet \u0443\u0434\u0430\u043b\u0438\u043b \u0432 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 FortiNAC.\n\n\u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c FortiNAC \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430, \u043d\u0435 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2022-39952: \u0432 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438, FortiNAC 9.4.1 \u0438\u043b\u0438 \u0432\u044b\u0448\u0435, 9.2.6 \u0438\u043b\u0438 \u0432\u044b\u0448\u0435, 9.1.8 \u0438\u043b\u0438 \u043d\u043e\u0432\u0435\u0435 \u0438 7.2. .0 \u0438\u043b\u0438 \u043d\u043e\u0432\u0435\u0435.", "creation_timestamp": "2023-02-22T11:20:08.000000Z"}, {"uuid": "6eb176f3-6dbd-433c-941b-3ce63e580513", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "https://t.me/true_secator/4536", "content": "Fortinet \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u043e\u0448\u0438\u0431\u043a\u0443 \u0432 FortiNAC, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0438 \u043a\u043e\u043c\u0430\u043d\u0434.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2023-33299 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0424\u043b\u043e\u0440\u0438\u0430\u043d\u043e\u043c \u0425\u0430\u0443\u0437\u0435\u0440\u043e\u043c \u0438\u0437 Code White \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u043e\u0446\u0435\u043d\u043a\u0443 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 9,6 \u0438\u0437 10.\n\n\u041f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044e \u043d\u0435\u043d\u0430\u0434\u0435\u0436\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a RCE \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043a \u0441\u043b\u0443\u0436\u0431\u0435 TCP/1050.\n\n\u041f\u0435\u0440\u0435\u0447\u0435\u043d\u044c \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 FortiNAC \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442 9.4.0-9.4.2, 9.2.0-9.2.7, 9.1.0-9.1.9, 7.2.0-7.2.1, \u0430 \u0442\u0430\u043a\u0436\u0435 8.3, 8.5-8.8 (\u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438).\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u044b \u0432 9.4.3, 9.2.8, 9.1.10 \u0438 7.2.2 (\u0438\u043b\u0438 \u0432\u044b\u0448\u0435).\n\n\u041f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043d\u0435 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u043b \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044e \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0439, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043d\u0438\u0447\u0435\u0433\u043e \u043d\u0435 \u043e\u0441\u0442\u0430\u0435\u0442\u0441\u044f \u043a\u0440\u043e\u043c\u0435, \u043a\u0430\u043a \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f.\n\n\u041d\u0430\u0440\u044f\u0434\u0443 \u0441 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 RCE, Fortinet \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0430 \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 CVE-2023-33300, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439 \u043d\u0435\u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0449\u0435\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0443\u044e FortiNAC 9.4.0-9.4.3 \u0438 7.2.0-7.2.1.\n\n\u041e\u043d\u0430 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0441\u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0432 \u0434\u0440\u0443\u0433\u0438\u0435 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0435 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0447\u0435\u0440\u0435\u0437 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u043f\u043e\u043b\u044f \u0432\u0432\u043e\u0434\u0430.\n\n\u041f\u0440\u0430\u0432\u0434\u0430, \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u043b\u0438\u0448\u044c \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c \u0441 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0432\u044b\u0441\u043e\u043a\u0438\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c.\n\n\u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f \u043e\u0441\u043e\u0431\u044b\u0439 \u0438\u043d\u0442\u0435\u0440\u0435\u0441 \u0441\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u044b \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u043f\u043e\u0434\u043f\u043e\u043b\u044c\u044f \u043a \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u043c Fortinet, \u0430\u0434\u043c\u0438\u043d\u043e\u0432 \u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u0432 \u0418\u0411 \u0432\u043f\u0435\u0440\u0435\u0434\u0438 \u043e\u0436\u0438\u0434\u0430\u044e\u0442 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0438\u0432\u043d\u044b\u0435 \u0432\u044b\u0445\u043e\u0434\u043d\u044b\u0435.\n\n\u0412\u0435\u0434\u044c \u043a\u0430\u043a \u043c\u044b \u043f\u043e\u043c\u043d\u0438\u043c \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f RCE (CVE-2022-39952) \u0432 FortiNAC \u043f\u043e\u0441\u043b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432 \u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0435 \u0444\u0435\u0432\u0440\u0430\u043b\u044f \u043d\u0430\u0447\u0430\u043b\u0430 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435 \u0431\u0443\u043a\u0432\u0430\u043b\u044c\u043d\u043e \u0447\u0435\u0440\u0435\u0437 \u043f\u0430\u0440\u0443 \u0434\u043d\u0435\u0439.\n\n\u041d\u043e, \u043f\u0440\u043e \u0432\u044b\u0445\u043e\u0434\u043d\u044b\u0435 - \u043f\u043e\u043f\u043e\u0437\u0436\u0435.", "creation_timestamp": "2023-06-23T17:20:05.000000Z"}, {"uuid": "15f40e4b-b818-42a3-b2b3-f82f065cd467", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/2639", "content": "\ud83d\udd25\ud83d\udd25\ud83d\udd25Fortinet FortiNAC CVE-2022-39952 Deep-Dive, PoC and IOCs\nAn external control of file name or path vulnerability [CWE-73] in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system.\n\n\ud83d\udd16PoC exploit here", "creation_timestamp": "2023-02-21T14:50:17.000000Z"}, {"uuid": "b37ad681-3235-42f9-a7bd-8bd0945494f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39955", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/2342", "content": "#exploit\n1. CVE-2022-47966:\nRCE vulnerability in multiple ManageEngine (Apache Santuario (xmlsec) <=1.4.1) products\nhttps://github.com/horizon3ai/CVE-2022-47966\n]-> https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive\n\n2. CVE-2022-39955:\nCharset confusion + WAF bypasses via 0days\nhttps://terjanq.medium.com/waf-bypasses-via-0days-d4ef1f212ec\n\n3. Microsoft Teams RCE\nhttps://blog.pksecurity.io/2023/01/16/2022-microsoft-teams-rce.html", "creation_timestamp": "2023-01-20T20:25:07.000000Z"}, {"uuid": "693d27d7-3915-4f63-9b6c-54e200603dfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "https://t.me/information_security_channel/49615", "content": "Fortinet FortiNAC Vulnerability Exploited in Wild Days After Release of Patch\nhttps://www.securityweek.com/fortinet-fortinac-vulnerability-exploited-in-wild-days-after-release-of-patch/\n\nHackers started exploiting the Fortinet FortiNAC vulnerability CVE-2022-39952 the same day a PoC exploit was released.\nThe post Fortinet FortiNAC Vulnerability Exploited in Wild Days After Release of Patch (https://www.securityweek.com/fortinet-fortinac-vulnerability-exploited-in-wild-days-after-release-of-patch/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2023-02-23T18:20:32.000000Z"}, {"uuid": "5f1cce61-bacf-49c5-9275-0cc4bfc856d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "https://t.me/information_security_channel/49625", "content": "Fortinet Shares Clarifications on Exploitation of FortiNAC Vulnerability\nhttps://www.securityweek.com/fortinet-shares-clarifications-on-exploitation-of-fortinac-vulnerability/\n\nFortinet provides clarifications following \u2018sensationalized reports\u2019 related to exploitation attempts targeting the FortiNAC vulnerability CVE-2022-39952\nThe post Fortinet Shares Clarifications on Exploitation of FortiNAC Vulnerability (https://www.securityweek.com/fortinet-shares-clarifications-on-exploitation-of-fortinac-vulnerability/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2023-02-24T21:16:55.000000Z"}, {"uuid": "17a27e25-fde7-4dd4-843c-1c88d12b7532", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "https://t.me/haccking/9212", "content": "\ud83d\udd24\ud83d\udd24\ud83d\udd24   \ud83d\udd24\ud83d\udd24\ud83d\udd24\ud83d\udd24\ud83d\udd24\ud83d\udd24\n\n\u0422\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 Fortinet FortiNAC CVE-2022-39952", "creation_timestamp": "2023-03-03T10:50:03.000000Z"}, {"uuid": "238f505d-04e6-434b-bd31-14883fdb2824", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-06)", "content": "", "creation_timestamp": "2025-02-06T00:00:00.000000Z"}, {"uuid": "256e98cc-f63e-4dce-bb0f-912ddb637914", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-15)", "content": "", "creation_timestamp": "2025-03-15T00:00:00.000000Z"}, {"uuid": "ceaa6572-48c0-4ac7-b4b5-5041bd8a54b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-07)", "content": "", "creation_timestamp": "2025-04-07T00:00:00.000000Z"}, {"uuid": "bf76ec78-dc2c-4797-8887-4870f43ccc00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-14)", "content": "", "creation_timestamp": "2025-04-14T00:00:00.000000Z"}, {"uuid": "f6a8a5a3-4cd3-4cfa-860f-1fa8333eb426", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-05)", "content": "", "creation_timestamp": "2025-06-05T00:00:00.000000Z"}, {"uuid": "0e20e920-fc85-486e-8cc0-7beb1492fcf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-24)", "content": "", "creation_timestamp": "2025-04-24T00:00:00.000000Z"}, {"uuid": "ee379cc5-e456-4b36-ba6f-0ac709ce2342", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-30)", "content": "", "creation_timestamp": "2025-06-30T00:00:00.000000Z"}, {"uuid": "30e4ce4a-6319-4c3b-a9e3-1c104fc7febe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-25)", "content": "", "creation_timestamp": "2025-06-25T00:00:00.000000Z"}, {"uuid": "5fe63d81-5ef6-449a-b0eb-f80aacebd92f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-09)", "content": "", "creation_timestamp": "2025-12-09T00:00:00.000000Z"}, {"uuid": "c553531a-f80c-44e6-8b8c-9e129385eb5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-19)", "content": "", "creation_timestamp": "2025-12-19T00:00:00.000000Z"}, {"uuid": "333905a7-0b0b-4dec-9e7c-30921403c71c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-28)", "content": "", "creation_timestamp": "2025-12-28T00:00:00.000000Z"}, {"uuid": "ff4ff816-0edb-4ab1-829b-f69eb130ceaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-05)", "content": "", "creation_timestamp": "2026-01-05T00:00:00.000000Z"}, {"uuid": "145d8f42-416a-4122-88c0-c225284949b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-05)", "content": "", "creation_timestamp": "2026-01-05T00:00:00.000000Z"}, {"uuid": "d3149246-57ef-445e-8cb6-5fa995b75019", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-10)", "content": "", "creation_timestamp": "2026-01-10T00:00:00.000000Z"}, {"uuid": "1baa2456-742b-46f4-b8e7-155b4c6ca3bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-10)", "content": "", "creation_timestamp": "2026-01-10T00:00:00.000000Z"}, {"uuid": "7976eac9-f5ab-46f6-8375-5de1dcc17d07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-11)", "content": "", "creation_timestamp": "2026-01-11T00:00:00.000000Z"}, {"uuid": "25997396-aa83-4ca1-aa41-48591e6cc2b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-11)", "content": "", "creation_timestamp": "2026-01-11T00:00:00.000000Z"}, {"uuid": "86fb741b-e32c-44ed-8db1-4830b593aa38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-14)", "content": "", "creation_timestamp": "2026-01-14T00:00:00.000000Z"}, {"uuid": "b0c2753d-87cc-4788-8481-4b177dff3cda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-15)", "content": "", "creation_timestamp": "2026-01-15T00:00:00.000000Z"}, {"uuid": "9baf0ee4-1137-4a3c-90fc-a62158ee0863", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-20)", "content": "", "creation_timestamp": "2026-01-20T00:00:00.000000Z"}, {"uuid": "f1483a86-2fc8-43f1-8438-47c8b7b03c86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-23)", "content": "", "creation_timestamp": "2026-01-23T00:00:00.000000Z"}, {"uuid": "e21e3a7c-5663-436d-b6d8-67ffa379b4b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-11)", "content": "", "creation_timestamp": "2026-03-11T00:00:00.000000Z"}, {"uuid": "9a758dcc-2fe7-4e43-93af-508d7a9d6c8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-11)", "content": "", "creation_timestamp": "2026-04-11T00:00:00.000000Z"}, {"uuid": "4ab66da0-f504-42c6-a516-8c00c0ce371e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "https://t.me/cKure/10703", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2022-39952 (CVSS score 9.8) and CVE-2021-42756 are respectively an external control of file name or path in Fortinet FortiNAC and a collection of stack-based buffer overflow issues in the proxy daemon of FortiWeb.\n\nhttps://securityaffairs.com/142553/hacking/poc-exploit-code-fortinet-fortinac.html", "creation_timestamp": "2023-02-23T05:57:38.000000Z"}, {"uuid": "fb365fb6-952a-4a51-bb6f-144999a67cb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "https://t.me/cKure/10693", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Fortinet FortiNAC CVE-2022-39952 Deep-Dive, PoC and IOCs.\n\nAn external control of file name or path vulnerability [CWE-73] in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system.\n\n\ud83d\udd16PoC exploit here.\n\nUsage:\npython3 CVE-2022-39952.py --target IP --file payload", "creation_timestamp": "2023-02-21T14:05:40.000000Z"}, {"uuid": "d3fac344-4971-4c0e-a16a-978ebfe8f781", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "https://t.me/cKure/10690", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Fortinet plugs critical security hole in FortiNAC, with a PoC incoming (CVE-2022-39952).\n\nhttps://www.helpnetsecurity.com/2023/02/20/cve-2022-39952/", "creation_timestamp": "2023-02-20T17:28:42.000000Z"}, {"uuid": "a159f78b-8665-417e-8571-1ac822f8d005", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "https://t.me/cKure/10712", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 Fortinet Fortinac CVE-2022-39952 floor has been exploited in the wild hours after the PoC exploit was released.\n\nhttps://securityaffairs.com/142621/hacking/fortinet-fortinac-cve-2022-39952-exploitation.html", "creation_timestamp": "2023-02-24T20:46:14.000000Z"}, {"uuid": "ad9dec71-88bb-4145-95e9-28f8b3454159", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "https://t.me/BleepingComputer/15562", "content": "\u200aExploit released for critical Fortinet RCE flaws, patch now\n\nSecurity researchers have released a proof-of-concept exploit for a critical-severity vulnerability (CVE-2022-39952) in\u00a0Fortinet's FortiNAC network access control suite. [...]\n\nhttps://www.bleepingcomputer.com/news/security/exploit-released-for-critical-fortinet-rce-flaws-patch-now/", "creation_timestamp": "2023-02-21T21:36:10.000000Z"}, {"uuid": "3969996b-92c5-42be-92be-fe38038e33e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "https://t.me/BleepingComputer/15559", "content": "Latest news and stories from BleepingComputer.com\nExploit released for critical Fortinet RCE flaws, patch now\n\nSecurity researchers have released a proof-of-concept exploit for a critical-severity vulnerability (CVE-2022-39952) in\u00a0Fortinet's FortiNAC network access control suite. [...]", "creation_timestamp": "2023-02-21T20:23:19.000000Z"}, {"uuid": "0177769d-348c-45f4-8df6-9e192090f8e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "https://t.me/codeby_sec/7142", "content": "\u200b\u0422\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 Fortinet FortiNAC CVE-2022-39952\n\n\u0412 \u0447\u0435\u0442\u0432\u0435\u0440\u0433, 16 \u0444\u0435\u0432\u0440\u0430\u043b\u044f 2023 \u0433\u043e\u0434\u0430, \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Fortinet \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 PSIRT, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u043e\u043f\u0438\u0441\u0430\u043d\u0430 CVE-2022-39952, \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0430\u044f \u0435\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442 FortiNAC. \u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u0430\u044f Gwendal Gu\u00e9gniaud \u0438\u0437 Fortinet, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0437\u0430\u043f\u0438\u0441\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438 \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c RCE \u043e\u0442 root'\u0430.\n\n\ud83d\udccc \u0427\u0438\u0442\u0430\u0442\u044c \u0434\u0430\u043b\u0435\u0435\n\n#fortiner #cve #analysis", "creation_timestamp": "2023-03-01T07:19:51.000000Z"}, {"uuid": "edea16f0-44a7-454b-b4e8-382429a02249", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "https://t.me/BleepingComputer/15579", "content": "Latest news and stories from BleepingComputer.com\nExploit released for critical Fortinet RCE flaw, patch now\n\nSecurity researchers have released a proof-of-concept exploit for a critical-severity vulnerability (CVE-2022-39952) in\u00a0Fortinet's FortiNAC network access control suite. [...]", "creation_timestamp": "2023-02-22T20:28:09.000000Z"}, {"uuid": "f77fc7c4-5d22-473e-9ec0-77541c7d32bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "https://t.me/BleepingComputer/15576", "content": "Latest news and stories from BleepingComputer.com\nHackers now exploit critical Fortinet bug to backdoor servers\n\nThreat actors are targeting\u00a0Internet-exposed Fortinet\u00a0appliances with exploits targeting CVE-2022-39952, an unauthenticated file path manipulation vulnerability in the FortiNAC webserver that can be abused for remote command execution. [...]", "creation_timestamp": "2023-02-22T20:26:29.000000Z"}, {"uuid": "492c72cc-ebe7-4c74-b00c-5fefd00a79c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "https://t.me/BleepingComputer/15573", "content": "\u200aHackers now exploit critical Fortinet bug to backdoor servers\n\nThreat actors are targeting\u00a0Internet-exposed Fortinet\u00a0appliances with exploits targeting CVE-2022-39952, an unauthenticated file path manipulation vulnerability in the FortiNAC webserver that can be abused for remote command execution. [...]\n\nhttps://www.bleepingcomputer.com/news/security/hackers-now-exploit-critical-fortinet-bug-to-backdoor-servers/", "creation_timestamp": "2023-02-22T20:06:44.000000Z"}, {"uuid": "2149415f-d3cd-4256-9a5b-e1570e001854", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "Telegram/L2RV6U3b5nVZIy3J1ic8uKCEFLD48HWA4eZnFzD5lipdDRQ", "content": "", "creation_timestamp": "2023-03-08T07:56:40.000000Z"}, {"uuid": "00aaff58-7eac-4e31-859d-8d806667c513", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "Telegram/bluzvfahL1FEA3QvCDZTmn2HDQt8Wv1Nf8M23zEpMwUMhqw", "content": "", "creation_timestamp": "2023-03-08T07:56:22.000000Z"}, {"uuid": "45bd13a1-1b8c-498a-be1e-7dfb4a16cae0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1393", "content": "CVE-2022-39952 Fortinet FortiNAC \nCVSS score of 9.8\n\n\u041f\u0440\u043e\u0434\u0443\u043a\u0442\u044b, \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e:\n    FortiNAC version 9.4.0\n    FortiNAC version 9.2.0 through 9.2.5\n    FortiNAC version 9.1.0 through 9.1.7\n    FortiNAC 8.8 all versions\n    FortiNAC 8.7 all versions\n    FortiNAC 8.6 all versions\n    FortiNAC 8.5 all versions, and\n    FortiNAC 8.3 all versions\n\nPOC exploit\n\n#forti #poc", "creation_timestamp": "2023-02-21T15:48:48.000000Z"}, {"uuid": "2937ac3b-388d-41ff-b38e-cc95130677f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/705", "content": "CVE-2022-39952 : Fortinet FortiNAC - Unauthenticated RCE  \nPOC : https://github.com/horizon3ai/CVE-2022-39952", "creation_timestamp": "2023-02-23T06:30:00.000000Z"}, {"uuid": "0d27601c-2af3-489a-ba04-7a161f72ec9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "Telegram/Fq6TfgfJ5uAccya2ISlN0dAzRKndmEnMUXeam27My2Av-ZE", "content": "", "creation_timestamp": "2023-04-01T00:34:10.000000Z"}, {"uuid": "921312cc-a086-449d-9cb2-b421cbebcf70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39953", "type": "seen", "source": "https://t.me/cibsecurity/59604", "content": "\u203c CVE-2022-39953 \u203c\n\nA improper privilege management in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows attacker to escalation of privilege via specially crafted commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-07T20:23:46.000000Z"}, {"uuid": "db99514c-cb73-4b44-aba7-1aa31b46a1d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39951", "type": "seen", "source": "https://t.me/cibsecurity/59603", "content": "\u203c CVE-2022-39951 \u203c\n\nA improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-07T20:23:45.000000Z"}, {"uuid": "2f34816f-96eb-4cbe-a557-f15e379350e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39957", "type": "seen", "source": "https://t.me/cibsecurity/50130", "content": "\u203c CVE-2022-39957 \u203c\n\nThe OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional \"charset\" parameter in order to receive the response in an encoded form. Depending on the \"charset\", this response can not be decoded by the web application firewall. A restricted resource, access to which would ordinarily be detected, may therefore bypass detection. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-20T12:39:09.000000Z"}, {"uuid": "c01ec206-8a9a-4ca8-8dee-00cef2b2d004", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "https://t.me/theninjaway1337/1283", "content": "Fortinet emite patches para 40 falhas que afetam o FortiWeb, FortiOS, e FortiProxy\n\nA\u00a0Fortinet\u00a0lan\u00e7ou atualiza\u00e7\u00f5es de seguran\u00e7a para solucionar 40 vulnerabilidades em sua linha de software, incluindo FortiWeb, FortiOS, FortiNAS e FortiProxy, entre outros.\nDuas das\u00a040 falhas\u00a0s\u00e3o classificadas como Cr\u00edticas, 15 s\u00e3o classificadas como Altas, 22 s\u00e3o classificadas como M\u00e9dias e uma \u00e9 classificada como Baixa em gravidade.\nNo topo da lista est\u00e1 um bug grave que reside na solu\u00e7\u00e3o de controle de acesso \u00e0 rede FortiNAC (CVE-2022-39952, pontua\u00e7\u00e3o CVSS: 9,8) que pode levar \u00e0 execu\u00e7\u00e3o arbitr\u00e1ria do c\u00f3digo.\n\nhttps://boletimsec.com.br/fortinet-emite-patches-para-40-falhas-que-afetam-o-fortiweb-fortios-e-fortiproxy/", "creation_timestamp": "2023-02-21T12:20:53.000000Z"}, {"uuid": "5122c34e-84cb-4bdd-8ea0-d65ead4afccb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "https://t.me/xakep_ru/13663", "content": "\u0414\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 RCE-\u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Fortinet \u0443\u0436\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 (CVE-2022-39952) \u0432 Fortinet FortiNAC. \u042d\u0442\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430, \u043e \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0441\u0442\u0430\u043b\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u043d\u0430 \u043f\u0440\u043e\u0448\u043b\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435, \u043e\u0446\u0435\u043d\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0432 9,8 \u0431\u0430\u043b\u043b\u0430 \u0438\u0437 10 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0445 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u0441 \u043d\u0430\u0438\u0432\u044b\u0441\u0448\u0438\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438.\n\nhttps://xakep.ru/2023/02/22/fortinac-poc/", "creation_timestamp": "2023-02-22T12:36:38.000000Z"}, {"uuid": "af7620ab-cb17-4440-bdc2-1c5d17221d31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39955", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7582", "content": "#exploit\n1. CVE-2022-47966:\nRCE vulnerability in multiple ManageEngine (Apache Santuario (xmlsec) <=1.4.1) products\nhttps://github.com/horizon3ai/CVE-2022-47966\n]-> https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive\n\n2. CVE-2022-39955:\nCharset confusion + WAF bypasses via 0days\nhttps://terjanq.medium.com/waf-bypasses-via-0days-d4ef1f212ec\n\n3. Microsoft Teams RCE\nhttps://blog.pksecurity.io/2023/01/16/2022-microsoft-teams-rce.html", "creation_timestamp": "2023-01-20T11:00:21.000000Z"}, {"uuid": "394eb987-91f5-4f20-8cfb-8fd20703d9af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7819", "content": "#exploit\nCVE-2022-39952:\nUnauthenticated RCE in Fortinet FortiNAC", "creation_timestamp": "2024-06-22T15:22:46.000000Z"}, {"uuid": "743e39be-e376-47bb-bcc6-2f2bd3b88825", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "Telegram/gT5_rH6SbQjCDL5CnTfdxn2Fj6qxX4lRf2Kzqc0ICHxoeYM", "content": "", "creation_timestamp": "2023-04-02T20:32:57.000000Z"}, {"uuid": "9d2f6e85-2a21-4990-8947-b556c19ea68b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/4711", "content": "POC for CVE-2022-39952\n\nGithub\n\n#CVE #POC #Payload\n\u2014\u2014\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2023-05-20T00:26:05.000000Z"}, {"uuid": "adceabc2-5b04-4d3e-a617-130e86347d6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "MISP/d8e40798-9018-4ea0-af61-fb51ab351246", "content": "", "creation_timestamp": "2023-02-24T09:00:01.000000Z"}, {"uuid": "7300dbdb-8f8d-4266-97fe-2d5dfcc0ec9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-26)", "content": "", "creation_timestamp": "2025-01-26T00:00:00.000000Z"}, {"uuid": "36f79254-7324-4123-8ee1-c6033f4e600e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-07)", "content": "", "creation_timestamp": "2025-03-07T00:00:00.000000Z"}, {"uuid": "c338e685-37c2-463f-a1b5-b80cf258edee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-21)", "content": "", "creation_timestamp": "2025-02-21T00:00:00.000000Z"}, {"uuid": "3ee6016e-a5cc-4a15-a85f-b2caa768a992", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-15)", "content": "", "creation_timestamp": "2025-03-15T00:00:00.000000Z"}, {"uuid": "4281fe47-3267-44bd-b0ef-3d8a57f54f99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:01:04.000000Z"}, {"uuid": "f245fd2b-44b9-4884-be79-a46245ec5ed2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "https://bsky.app/profile/concisecyber.bsky.social/post/3m5vfnyobqh2x", "content": "", "creation_timestamp": "2025-11-18T09:15:44.052414Z"}, {"uuid": "519277d0-ef8d-47c5-bd8e-e1a2c0917b5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-10)", "content": "", "creation_timestamp": "2025-12-10T00:00:00.000000Z"}, {"uuid": "7cc34056-307a-4e00-9642-61c73a6a6cb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-17)", "content": "", "creation_timestamp": "2025-12-17T00:00:00.000000Z"}, {"uuid": "94e61b06-7639-4137-bae5-acafd3790517", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-31)", "content": "", "creation_timestamp": "2025-12-31T00:00:00.000000Z"}, {"uuid": "7adb5b4f-8cda-413d-a9b4-b80b57927412", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-02)", "content": "", "creation_timestamp": "2026-01-02T00:00:00.000000Z"}, {"uuid": "c9a1b207-8362-4900-bf8c-94f77817d62b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-07)", "content": "", "creation_timestamp": "2026-01-07T00:00:00.000000Z"}, {"uuid": "53f50d08-9c93-467d-b775-0ed6438e924d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-12)", "content": "", "creation_timestamp": "2026-01-12T00:00:00.000000Z"}, {"uuid": "c8ef8f28-a426-4f1d-be04-45398f08f3da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-17)", "content": "", "creation_timestamp": "2026-01-17T00:00:00.000000Z"}, {"uuid": "e2ae2db0-5769-454f-b74d-65d7e53f0e46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-10)", "content": "", "creation_timestamp": "2026-02-10T00:00:00.000000Z"}, {"uuid": "7140cda9-88fc-4658-83db-fbf94dbff521", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-05)", "content": "", "creation_timestamp": "2026-04-05T00:00:00.000000Z"}, {"uuid": "d554e482-d52e-4ebd-bd75-81e709fc386a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-21)", "content": "", "creation_timestamp": "2026-03-21T00:00:00.000000Z"}, {"uuid": "b0720e6f-610e-4b18-a942-5c9d24800220", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/160", "content": "Fortinet FortiNAC CVE-2022-39952 Deep-Dive and IOCs\n\n\ud83d\udc64 by Zach Hanley\n\nOn Thursday, 16 February 2022, Fortinet released a PSIRT that details CVE-2022-39952, a critical vulnerability affecting its FortiNAC product. This vulnerability, discovered by Gwendal Gu\u00e9gniaud of Fortinet, allows an unauthenticated attacker to write arbitrary files on the system and as a result obtain remote code execution in the context of the root user.\n\n\ud83d\udcdd Contents:\n\u25cf Introduction\n\u25cf Extracting the System\n\u25cf The Vulnerability\n\u25cf Weaponization of the Issue\n\u25cf Indicators of Compromise\n\nhttps://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/", "creation_timestamp": "2023-02-22T06:18:06.000000Z"}, {"uuid": "c44a7754-05d6-44d2-a73c-3e111af19bf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39955", "type": "published-proof-of-concept", "source": "Telegram/IJhgMarSf2TVVZYea0Ymbnso6wx0M8Ud--wV6Vs4ccHCfyc", "content": "", "creation_timestamp": "2023-01-21T09:39:22.000000Z"}, {"uuid": "6dc1d5c8-6077-4ccf-9857-0513547e70f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "Telegram/7uwVn_ACC1sP38xQWNSUhY9FlJBeOr0mtOpWUsYxOhHaDfM", "content": "", "creation_timestamp": "2023-02-26T12:28:36.000000Z"}, {"uuid": "216ed644-c3ef-42e3-9a96-58c71b9a2d78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "Telegram/X0DeSrdcPMWZNmND9iVB6SjJNhUyoh4IGXeNfo81nFIIiyk", "content": "", "creation_timestamp": "2023-02-21T21:01:43.000000Z"}, {"uuid": "c3a819ad-c6d0-4034-99f7-cb4d0a79440a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "https://t.me/RAT070/350", "content": "CVE-2022-39952 : Fortinet FortiNAC - Unauthenticated RCE\u00a0 \nPOC :\n https://github.com/horizon3ai/CVE-2022-39952\n\n\n\n\n\u062a\u0645 \u0625\u0646\u0634\u0627\u0621 \u0647\u0630\u0627 \u0627\u0644\u0628\u0631\u0646\u0627\u0645\u062c \u0644\u0623\u063a\u0631\u0627\u0636 \u0627\u0644\u0628\u062d\u062b \u0627\u0644\u0623\u0643\u0627\u062f\u064a\u0645\u064a \u0641\u0642\u0637 \u0648\u0644\u062a\u0637\u0648\u064a\u0631 \u062a\u0642\u0646\u064a\u0627\u062a \u062f\u0641\u0627\u0639\u064a\u0629 \u0641\u0639\u0627\u0644\u0629 \u060c \u0648\u0644\u064a\u0633 \u0627\u0644\u063a\u0631\u0636 \u0645\u0646\u0647 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647 \u0644\u0645\u0647\u0627\u062c\u0645\u0629 \u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0628\u0627\u0633\u062a\u062b\u0646\u0627\u0621 \u0627\u0644\u0623\u0645\u0627\u0643\u0646 \u0627\u0644\u0645\u0635\u0631\u062d \u0628\u0647\u0627 \u0635\u0631\u0627\u062d\u0629\u064b. \u0645\u0634\u0631\u0641\u0648 \u0627\u0644\u0645\u0634\u0631\u0648\u0639 \u0644\u064a\u0633\u0648\u0627 \u0645\u0633\u0624\u0648\u0644\u064a\u0646 \u0623\u0648 \u0645\u0633\u0624\u0648\u0644\u064a\u0646 \u0639\u0646 \u0625\u0633\u0627\u0621\u0629 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0644\u0628\u0631\u0646\u0627\u0645\u062c. \u0627\u0633\u062a\u062e\u062f\u0645 \u0628\u0645\u0633\u0624\u0648\u0644\u064a\u0629.", "creation_timestamp": "2023-10-22T17:56:08.000000Z"}, {"uuid": "aff45189-09db-4182-bbe4-0539cbb2666f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/706", "content": "CVE-2022-39952 : Fortinet FortiNAC Deep-Dive and IOCs\nhttps://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/", "creation_timestamp": "2023-02-24T18:30:00.000000Z"}, {"uuid": "e649fa96-81a0-4cef-b851-d7f0af232681", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "https://t.me/zero_day_uz/306", "content": "Fortinet FortiNAC Unauthenticated RCE\n\nPoC:\nhttps://github.com/horizon3ai/CVE-2022-39952\n\nResearch: \nhttps://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/\n\n#fortinet #fortinac #rce #cve", "creation_timestamp": "2023-03-01T07:25:13.000000Z"}, {"uuid": "8efb68e8-4990-4c87-9725-8f02cdd1467c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityIL/19322", "content": "\u05e2\u05d5\u05d3 \u05dc\u05d0 \u05e2\u05d9\u05d3\u05db\u05e0\u05ea\u05dd? \u05e9\u05d5\u05d7\u05e8\u05e8 POC \u05dc\u05d7\u05d5\u05dc\u05e9\u05d4 \u05e7\u05e8\u05d9\u05d8\u05d9\u05ea \u05d1\u05de\u05d5\u05e6\u05e8 FortiNac \u05e9\u05dc \u05d7\u05d1\u05e8\u05ea Fortinet.\n\n\u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 CVE-2022-39952 \u05de\u05d0\u05e4\u05e9\u05e8\u05ea \u05dc\u05ea\u05d5\u05e7\u05e3 \u05e9\u05dc\u05d0 \u05e2\u05d1\u05e8 \u05d6\u05d9\u05d4\u05d5\u05d9 \u05dc\u05db\u05ea\u05d5\u05d1 \u05e7\u05d1\u05e6\u05d9\u05dd \u05d5\u05dc\u05d4\u05e8\u05d9\u05e5 \u05e7\u05d5\u05d3 \u05de\u05e8\u05d7\u05d5\u05e7 \u05d1\u05de\u05db\u05e9\u05d9\u05e8\u05d9\u05dd \u05d4\u05e4\u05d2\u05d9\u05e2\u05d9\u05dd, \u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 \u05e7\u05d9\u05d1\u05dc\u05d4 \u05d3\u05d9\u05e8\u05d5\u05d2 \u05e8\u05de\u05ea \u05e1\u05d9\u05db\u05d5\u05df \u05e9\u05dc 9.8. \ud83d\udea8\n\n\u05d4\u05de\u05d5\u05e6\u05e8\u05d9\u05dd \u05d5\u05d4\u05d2\u05e8\u05e1\u05d0\u05d5\u05ea \u05d1\u05d4\u05df \u05e7\u05d9\u05d9\u05de\u05ea \u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 \u05de\u05d5\u05e4\u05d9\u05e2\u05d9\u05dd \u05db\u05d0\u05df.\n\u05d4-POC \u05e4\u05d5\u05e8\u05e1\u05dd \u05db\u05d0\u05df.\n\nhttps://t.me/CyberSecurityIL/2741\n\n#\u05d7\u05d5\u05dc\u05e9\u05d5\u05ea", "creation_timestamp": "2023-02-21T22:41:18.000000Z"}, {"uuid": "4a65c47c-1c15-414c-acdd-6abb55c174f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3995", "type": "seen", "source": "https://t.me/cibsecurity/53693", "content": "\u203c CVE-2022-3995 \u203c\n\nThe TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to lock/unlock other users wallets.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-30T01:01:45.000000Z"}, {"uuid": "4cfdde6e-0593-4116-8ba0-f29738f5db00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39959", "type": "seen", "source": "https://t.me/cibsecurity/51047", "content": "\u203c CVE-2022-39959 \u203c\n\nPanini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\\Panini\\Everest Engine\\EverestEngine.exe and therefore a Trojan horse %PROGRAMDATA%\\Panini\\Everest.exe may be executed instead of the intended vendor-supplied EverestEngine.exe file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-08T02:17:38.000000Z"}, {"uuid": "066d4fd3-3315-4203-b923-60aa74492f53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39958", "type": "seen", "source": "https://t.me/cibsecurity/50124", "content": "\u203c CVE-2022-39958 \u203c\n\nThe OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be exfiltrated from the backend, despite being protected by a web application firewall that uses CRS. Short subsections of a restricted resource may bypass pattern matching techniques and allow undetected access. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively and to configure a CRS paranoia level of 3 or higher.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-20T12:39:01.000000Z"}, {"uuid": "6b3670e2-6514-4fe1-9f12-41825ae3c087", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39956", "type": "seen", "source": "https://t.me/cibsecurity/50125", "content": "\u203c CVE-2022-39956 \u203c\n\nThe OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web application firewall engine and the rule set. The multipart payload will therefore bypass detection. A vulnerable backend that supports these encoding schemes can potentially be exploited. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised upgrade to 3.2.2 and 3.3.3 respectively. The mitigation against these vulnerabilities depends on the installation of the latest ModSecurity version (v2.9.6 / v3.0.8).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-20T12:39:02.000000Z"}, {"uuid": "d44fc763-7def-4180-8a1d-4dbb831b1d88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39955", "type": "seen", "source": "https://t.me/cibsecurity/50128", "content": "\u203c CVE-2022-39955 \u203c\n\nThe OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type \"charset\" names and therefore bypassing the configurable CRS Content-Type header \"charset\" allow list. An encoded payload can bypass CRS detection this way and may then be decoded by the backend. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-20T12:39:07.000000Z"}, {"uuid": "a381ac26-498a-4e17-af14-6a7f498b4fcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/459", "content": "\ud83d\udd25\ud83d\udd25\ud83d\udd25Fortinet FortiNAC CVE-2022-39952 Deep-Dive, PoC and IOCs\nAn external control of file name or path vulnerability [CWE-73] in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system.\n\n\ud83d\udd16PoC exploit here\nUsage:\npython3 CVE-2022-39952.py --target IP --file payload", "creation_timestamp": "2023-02-21T22:28:30.000000Z"}, {"uuid": "8c3311f3-ce0d-4854-999c-8aa658c181ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "a575b59a-2610-42af-8723-84344605ff6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-10)", "content": "", "creation_timestamp": "2025-02-10T00:00:00.000000Z"}, {"uuid": "64b8d54b-57b1-4505-90cd-ab6755403e35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-10)", "content": "", "creation_timestamp": "2025-02-10T00:00:00.000000Z"}, {"uuid": "db11670a-2bec-420a-b5d4-cf996466951a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:48.000000Z"}, {"uuid": "3d2c58f9-6938-4ba9-96a0-13dfe0470f98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-22)", "content": "", "creation_timestamp": "2025-02-22T00:00:00.000000Z"}, {"uuid": "d8d26362-b027-4216-ba84-a93a983839d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-27)", "content": "", "creation_timestamp": "2025-06-27T00:00:00.000000Z"}, {"uuid": "a4cb5a48-4dac-4587-8e93-8ccfeafaea3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-11)", "content": "", "creation_timestamp": "2025-04-11T00:00:00.000000Z"}, {"uuid": "3807c4be-c6e0-4cf5-888b-6deec4aa0090", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-01)", "content": "", "creation_timestamp": "2025-07-01T00:00:00.000000Z"}, {"uuid": "204469fb-65bc-4d9f-b086-8556618f9bb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-23)", "content": "", "creation_timestamp": "2025-04-23T00:00:00.000000Z"}, {"uuid": "571836fd-0f5d-4ad8-8848-77934578f1d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39952", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:00.000000Z"}]}