Fortinet FortiNAC RCE via arbitrary file upload

Description

According to Fortinet's report, the FortiNAC web server is vulnerable to unauthenticated arbitrary file upload due to a directory traversal vulnerability that occurs when unpacking a user-provided zip file at the endpoint /configWizard/keyUpload.jsp. The following versions are affected:

• FortiNAC version 9.4.0
• FortiNAC version 9.2.0 through 9.2.5
• FortiNAC version 9.1.0 through 9.1.7
• FortiNAC versions 8.3 through 8.8

Remediation

Please upgrade to FortiNAC version 9.4.1 or above.
Please upgrade to FortiNAC version 9.2.6 or above.
Please upgrade to FortiNAC version 9.1.8 or above.
Please upgrade to FortiNAC version 7.2.0 or above.

References

Related Vulnerabilities

Severity

High

Classification

CVE-2022-39952 CWE-610 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Unauthenticated File Upload Arbitrary File Creation Directory Traversal