Fortinet Remote Code Execution Vulnerabilities (CVE-2022-39952 & CVE-2021-42756)

Two critical Remote Code Execution vulnerabilities (CVE-2022-39952 and CVE-2021-42756) were recently identified in Fortinet products. An unauthenticated attacker could exploit these vulnerabilities to execute arbitrary code.

Fortinet has released patches to remediate these vulnerabilities and strongly recommends that customers apply the update IMMEDIATELY.



  • CVE-2022-39952
  • CVE-2021-42756


Severity Level

  • Critical


Affected Products

  • FortiNAC version 9.4.0
  • FortiNAC version 9.2.0 through 9.2.5
  • FortiNAC version 9.1.0 through 9.1.7
  • FortiNAC 8.8 all versions
  • FortiNAC 8.7 all versions
  • FortiNAC 8.6 all versions
  • FortiNAC 8.5 all versions
  • FortiNAC 8.3 all versions
  • FortiWeb versions 5.x all versions
  • FortiWeb versions 6.0.7 and below
  • FortiWeb versions 6.1.2 and below
  • FortiWeb versions 6.2.6 and below
  • FortiWeb versions 6.3.16 and below
  • FortiWeb versions 6.4 all versions









Published on: 10 Mar 2023