CVE-2022-39953

CVE Database · CVE-2022-39953

CVE-2022-39953

· HIGHModified

CVSS v3.1

7.8

EPSS

0.21%

Published

Mar 7, 2023

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A improper privilege management in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows attacker to escalation of privilege via specially crafted commands.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-269CWE-269

Affected Products (9)

fortinet · fortinacvulnerable

References (2)

https://fortiguard.com/psirt/FG-IR-22-309

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-22-309

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs