Fortinet FortiNAC - Remote Code Execution (CVE-2022-39952)

Fortinet FortiNAC server is vulnerable to CVE-2022-39952, a Remote Code Execution through an Arbitrary File Upload vulnerability, affecting the /configWizard/keyUpload.jsp. The root cause of this vulnerability consists in poor handling of user uploaded archives via the KeyUpload.jsp endpoint. The archives are automatically extracted as the root user in the / directory, allowing an attacker to upload any file anywhere in the filesystem via a maliciously crafted zip archive. Through this vulnerability, a threat actor can upload a payload file in the /etc/cron.d/ directory and execute arbitrary commands via the cron service.

The risk exists that a remote unauthenticated attacker can fully compromise the server in order to steal confidential information, install ransomware or pivot to the internal network.

Upgrade to FortiNAC 7.2.0, 9.1.8, 9.2.6, or 9.4.1 and above.

https://www.fortiguard.com/psirt/FG-IR-22-300