Fortinet FortiNAC - Remote Code Execution (CVE-2022-39952)
- Severity
- CVSSv3 Score
- 9.8
- Vulnerability description
Fortinet FortiNAC server is vulnerable to CVE-2022-39952, a Remote Code Execution through an Arbitrary File Upload vulnerability, affecting the
/configWizard/keyUpload.jsp
. The root cause of this vulnerability consists in poor handling of user uploaded archives via the KeyUpload.jsp endpoint. The archives are automatically extracted as theroot
user in the/
directory, allowing an attacker to upload any file anywhere in the filesystem via a maliciously crafted zip archive. Through this vulnerability, a threat actor can upload a payload file in the/etc/cron.d/
directory and execute arbitrary commands via the cron service.- Risk description
The risk exists that a remote unauthenticated attacker can fully compromise the server in order to steal confidential information, install ransomware or pivot to the internal network.
- Recommendation
Upgrade to FortiNAC 7.2.0, 9.1.8, 9.2.6, or 9.4.1 and above.
- Codename
- Not available
- Detectable with
- Network Scanner
- Exploitable with Sniper
- No
- Vuln date
- Feb 2023
- Published at
- Updated at
- Software Type
- Network Access Control
- Vendor
- Fortinet
- Product
- FortiNAC