Main Vulnerability Database Exploits ID:8912 - Exploit for External Control of File Name or Path in FortiNAC - CVE-2022-39952

ID:8912 - Exploit for External Control of File Name or Path in FortiNAC - CVE-2022-39952

Published: March 14, 2023

Vulnerability identifier: #VU72373

Vulnerability risk: Critical

CVE-ID: CVE-2022-39952

CWE-ID: CWE-73

Exploitation vector: Remote access

Vulnerable software:
FortiNAC

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/linux/http/fortinac_keyupload_file_write

Vulnerability description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to application allows an attacker to control path of the files to write within the keyUpload scriptlet. A remote non-authenticated attacker can send a specially crafted HTTP request and upload arbitrary files to the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.

Remediation

Install updates from vendor's website.

ID:8912 - Exploit for External Control of File Name or Path in FortiNAC - CVE-2022-39952

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human