#VU72373 External Control of File Name or Path in FortiNAC


Published: 2023-02-21 | Updated: 2023-05-07

Vulnerability identifier: #VU72373

Vulnerability risk: Critical

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2022-39952

CWE-ID: CWE-73

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
FortiNAC
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Fortinet, Inc

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists because the application allows an attacker to control the path of the files written by the keyUpload scriptlet. A remote non-authenticated attacker can send a specially crafted HTTP request and upload arbitrary files to the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
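
The bug class named above (CWE-73, external control of a file path in an upload handler), as an added illustration written for this page and not taken from FortiNAC: a client-supplied upload name joined straight into the write path, beside a hardened version that confines the destination to the intended upload directory. The upload root, the function names and the sample names are assumptions.

```python
"""Added example, not FortiNAC code: CWE-73 in a file-upload handler."""
import os
from pathlib import Path

UPLOAD_ROOT = Path("/var/app/uploads")  # assumed location, not FortiNAC's


def destination_vulnerable(user_supplied_name: str) -> Path:
    """CWE-73: the client-chosen name is joined directly into the path.
    An absolute name replaces the root entirely, and '..' segments walk
    out of it, so the upload can land anywhere the process may write."""
    return UPLOAD_ROOT / user_supplied_name


def destination_hardened(user_supplied_name: str) -> Path:
    """Accept only a bare file name, then prove after canonicalisation
    (symlinks and '..' resolved) that the target is still a direct child
    of UPLOAD_ROOT. Anything else is refused before any write happens."""
    if not user_supplied_name or user_supplied_name in (".", ".."):
        raise ValueError("empty or reserved file name")
    if os.path.isabs(user_supplied_name):
        raise ValueError("absolute paths are not allowed")
    if any(ch in user_supplied_name for ch in ("/", "\\", "\0")):
        raise ValueError("path separators are not allowed in an upload name")
    root = UPLOAD_ROOT.resolve()
    # Path.resolve() tolerates a not-yet-existing target (strict=False).
    candidate = (root / user_supplied_name).resolve()
    if candidate.parent != root:
        raise ValueError("destination escapes the upload directory")
    return candidate


def is_inside_upload_root(p: Path) -> bool:
    """True if the canonical form of p lies under the canonical root.
    Useful as a last-line check before open() and for audit logging."""
    try:
        p.resolve().relative_to(UPLOAD_ROOT.resolve())
        return True
    except ValueError:
        return False
```

The hardened variant rejects the request outright rather than "cleaning" the name, since normalising and retrying is where most traversal fixes go wrong.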

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

FortiNAC: 8.3.7 - 9.4.0


External links
http://fortiguard.com/psirt/FG-IR-22-300


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
