CVE-2022-39952

Vulnerability Profile Updated a month ago
Download STIX
Preview STIX
CVE-2022-39952 is a critical vulnerability in Fortinet's network access control suite, FortiNAC. This flaw, which resides in the software design or implementation, could lead to arbitrary code execution, posing a severe threat to network security. The vulnerability was identified and addressed by Fortinet four months after the detection of another significant bug in FortiNAC. The severity of CVE-2022-39952 is underscored by its CVSS score of 9.8, indicating a high level of potential impact. Security researchers at Horizon3.ai released a proof-of-concept (PoC) exploit for CVE-2022-39952, demonstrating the feasibility of exploiting this vulnerability. Within six days of the PoC exploit release, attacks targeting this vulnerability were detected. The quick exploitation timeline underscores the urgency required in patching such vulnerabilities to prevent potential breaches. The Earth Lusca group leveraged CVE-2022-39952 along with several other critical vulnerabilities for their attacks. These include an authentication bypass vulnerability (CVE-2022-40684) and multiple remote code execution vulnerabilities (CVE-2021-22205, CVE-2019-18935, CVE-2019-9670, and CVE-2019-9621). Therefore, organizations using FortiNAC are advised to apply patches for CVE-2022-39952 and related vulnerabilities promptly to protect their systems from potential exploits.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Fortinac
Fortinet
Exploit
Poc
RCE (Remote ...
Remote Code ...
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Earth LuscaUnspecified
2
Earth Lusca is a significant threat actor that has recently expanded its malicious arsenal with the SprySOCKS Linux malware, posing an increased risk to global cybersecurity. This group is known for executing actions with harmful intent, and could be composed of individuals, private companies, or go
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Proxyshell Cve-2021-34473Unspecified
1
ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) is a set of three chained vulnerabilities that perform unauthenticated remote code execution (RCE) in Microsoft Exchange. Identified as a significant flaw in software design or implementation, it allows unauthorized users to execute arbitra
CVE-2019-18935Unspecified
1
CVE-2019-18935 is a .NET deserialization vulnerability in the Progress Telerik user interface (UI) for ASP.NET AJAX, located in Microsoft's Internet Information Services (IIS) web server. This flaw in software design or implementation was exploited by multiple cyber threat actors, including an Advan
CVE-2022-40684Unspecified
1
CVE-2022-40684 is a significant software vulnerability identified in Fortinet devices, specifically relating to an authentication bypass flaw. This flaw in the software design or implementation allows threat actors to exploit the vulnerability, compromising network security and providing unauthorize
CVE-2021-22205Unspecified
1
CVE-2021-22205 is a significant vulnerability in GitLab, a flaw in software design or implementation that allows for remote code execution. This vulnerability has been assigned the highest severity score (CVSS score: 10.0) due to its potential impact. The bug, which is now two years old, continues t
CVE-2019-9670Unspecified
1
None
CVE-2019-9621Unspecified
1
None
Earth Lusca Earth LuscaUnspecified
1
None
Source Document References
Information about the CVE-2022-39952 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
DARKReading
a year ago
Botnets Send Exploits Within Days to Weeks After Published PoC
DARKReading
a year ago
Exploit Code Released for Critical Fortinet RCE Bug
CSO Online
a year ago
Companies urged to patch critical vulnerability in Fortinet FortiNAC
Securityaffairs
a year ago
Fortinet fixes critical vulnerabilities in FortiNAC and FortiWeb
Securityaffairs
a year ago
Fortinet FortiNAC CVE-2022-39952 flaw exploited in the wild hours after release of PoC exploit
DARKReading
9 months ago
China-Linked Actor Taps Linux Backdoor in Forceful Espionage Campaign
CERT-EU
a year ago
Fortinet fixes critical RCE flaws in FortiNAC and FortiWeb
CERT-EU
a year ago
Threat actors quick to exploit proof-of-concept code
CERT-EU
a year ago
Week in review: ChatGPT and cybersecurity, hidden vulnerabilities in Docker containers | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware - National Cyber Security
Securityaffairs
a year ago
PoC exploit code for critical Fortinet FortiNAC bug released online
CERT-EU
a year ago
20th February – Threat Intelligence Report - Check Point Research
CERT-EU
a year ago
New Fortinet's FortiNAC Vulnerability Exposes Networks to Code Execution Attacks
Recorded Future
a year ago
CVE-2022-39952: Pre-authentication Code-execution Vulnerability | Recorded Future
Trend Micro
9 months ago
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
Securityaffairs
9 months ago
Earth Lusca expands its arsenal with SprySOCKS Linux malware
CERT-EU
a year ago
Fortinet Bug: RUN β€” Don’t Walk β€” to Patch Critical RCE
CERT-EU
a year ago
Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiNAC, and FortiProxy
CERT-EU
9 months ago
Hackers Deployed never-before-seen Linux Malware Attacking Government Entities
CERT-EU
a year ago
Latest Cyberthreats and Advisories - February 24, 2023 - Cybersecurity Insiders
CERT-EU
a year ago
Exploit released for critical Fortinet RCE flaws, patch now