Fortinet FortiNAC RCE via arbitrary file upload

Description

According to Fortinet's report, the FortiNAC web server is vulnerable to unauthenticated arbitrary file upload due to a directory traversal vulnerability that occurs when unpacking a user-provided zip file at the endpoint /configWizard/keyUpload.jsp. The following versions are affected:

  • FortiNAC version 9.4.0
  • FortiNAC version 9.2.0 through 9.2.5
  • FortiNAC version 9.1.0 through 9.1.7
  • FortiNAC versions 8.3 through 8.8

Remediation

  • Please upgrade to FortiNAC version 9.4.1 or above.
  • Please upgrade to FortiNAC version 9.2.6 or above.
  • Please upgrade to FortiNAC version 9.1.8 or above.
  • Please upgrade to FortiNAC version 7.2.0 or above.