CVE-2022-39952

Vulnerability updated 7 months ago (2024-05-04T17:04:41.803Z)

Download STIX

Preview STIX

CVE-2022-39952 is a critical vulnerability in Fortinet's network access control suite, FortiNAC. This flaw, which resides in the software design or implementation, could lead to arbitrary code execution, posing a severe threat to network security. The vulnerability was identified and addressed by Fortinet four months after the detection of another significant bug in FortiNAC. The severity of CVE-2022-39952 is underscored by its CVSS score of 9.8, indicating a high level of potential impact. Security researchers at Horizon3.ai released a proof-of-concept (PoC) exploit for CVE-2022-39952, demonstrating the feasibility of exploiting this vulnerability. Within six days of the PoC exploit release, attacks targeting this vulnerability were detected. The quick exploitation timeline underscores the urgency required in patching such vulnerabilities to prevent potential breaches. The Earth Lusca group leveraged CVE-2022-39952 along with several other critical vulnerabilities for their attacks. These include an authentication bypass vulnerability (CVE-2022-40684) and multiple remote code execution vulnerabilities (CVE-2021-22205, CVE-2019-18935, CVE-2019-9670, and CVE-2019-9621). Therefore, organizations using FortiNAC are advised to apply patches for CVE-2022-39952 and related vulnerabilities promptly to protect their systems from potential exploits.

Description last updated: 2024-03-14T10:07:24.433Z

What's your take? (Question 1 of 4)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Fortinet

Vulnerability

Fortinac

Exploit

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Earth Lusca Threat Actor is associated with CVE-2022-39952. Earth Lusca, a threat actor believed to be part of the China-backed Winnti collective, has been active since at least 2019 and is known for its cyber-espionage activities. The group primarily targets government organizations in Asia, Latin America, and other regions. Recently, it has expanded its ar	Unspecified	2

Source Document References

Information about the CVE-2022-39952 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	Hackers Deployed never-before-seen Linux Malware Attacking Government Entities
DARKReading	a year ago	China-Linked Actor Taps Linux Backdoor in Forceful Espionage Campaign
Securityaffairs	a year ago	Earth Lusca expands its arsenal with SprySOCKS Linux malware
Trend Micro	a year ago	Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
DARKReading	a year ago	Botnets Send Exploits Within Days to Weeks After Published PoC
CERT-EU	a year ago	Threat actors quick to exploit proof-of-concept code
CERT-EU	a year ago	Fortinet Bug: RUN — Don’t Walk — to Patch Critical RCE
CERT-EU	a year ago	New Fortinet's FortiNAC Vulnerability Exposes Networks to Code Execution Attacks
CERT-EU	2 years ago	Critical vulnerabilities in FortiNAC and FortiWeb products
Securityaffairs	2 years ago	Fortinet fixes critical vulnerabilities in FortiNAC and FortiWeb
CERT-EU	2 years ago	Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiNAC, and FortiProxy
CERT-EU	2 years ago	20th February – Threat Intelligence Report - Check Point Research
Securityaffairs	2 years ago	PoC exploit code for critical Fortinet FortiNAC bug released online
CERT-EU	2 years ago	Fortinet fixes critical RCE flaws in FortiNAC and FortiWeb
CERT-EU	2 years ago	Exploit released for critical Fortinet RCE flaws, patch now
DARKReading	2 years ago	Exploit Code Released for Critical Fortinet RCE Bug
Securityaffairs	2 years ago	Fortinet FortiNAC CVE-2022-39952 flaw exploited in the wild hours after release of PoC exploit
CSO Online	2 years ago	Companies urged to patch critical vulnerability in Fortinet FortiNAC
CERT-EU	2 years ago	Week in review: ChatGPT and cybersecurity, hidden vulnerabilities in Docker containers \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware - National Cyber Security
CERT-EU	2 years ago	Latest Cyberthreats and Advisories - February 24, 2023 - Cybersecurity Insiders