Fortinet FortiNAC - Remote Code Execution (CVE-2022-39952)
- CVSSv3 Score
- Exploitable with Sniper
- Vulnerability description
Fortinet FortiNAC server is vulnerable to CVE-2022-39952, a Remote Code Execution through an Arbitrary File Upload vulnerability, affecting the
/configWizard/keyUpload.jsp. The root cause of this vulnerability consists in poor handling of user uploaded archives via the KeyUpload.jsp endpoint. The archives are automatically extracted as the
rootuser in the
/directory, allowing an attacker to upload any file anywhere in the filesystem via a maliciously crafted zip archive. Through this vulnerability, a threat actor can upload a payload file in the
/etc/cron.d/directory and execute arbitrary commands via the cron service.
- Risk description
The risk exists that a remote unauthenticated attacker can fully compromise the server in order to steal confidential information, install ransomware or pivot to the internal network.
Upgrade to FortiNAC 7.2.0, 9.1.8, 9.2.6, or 9.4.1 and above.
- Detectable with
- Network Scanner
- Vuln date
- Feb 2023
- Published at
- Updated at
- Software Type
- Network Access Control
- Not available