Main Vulnerability Database Vulnerabilities #VU72373

#VU72373 External Control of File Name or Path in FortiNAC - CVE-2022-39952

Published: February 19, 2023 / Updated: May 7, 2023

Vulnerability identifier: #VU72373

Vulnerability risk: Critical

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

CVE-ID: CVE-2022-39952

CWE-ID: CWE-73

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
FortiNAC

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to application allows an attacker to control path of the files to write within the keyUpload scriptlet. A remote non-authenticated attacker can send a specially crafted HTTP request and upload arbitrary files to the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.

Remediation

Install updates from vendor's website.

External links

https://fortiguard.com/psirt/FG-IR-22-300

#VU72373 External Control of File Name or Path in FortiNAC - CVE-2022-39952

Description

Remediation

External links

Please verify you're human