Fortinet FortiNAC - Remote Code Execution (CVE-2022-39952)

Severity
CVSSv3 Score: 9.8
Vulnerability description

Fortinet FortiNAC server is vulnerable to CVE-2022-39952, a Remote Code Execution through an Arbitrary File Upload vulnerability affecting the /configWizard/keyUpload.jsp endpoint. The root cause is poor handling of user-uploaded archives by keyUpload.jsp: the archives are automatically extracted as the root user in the / directory, so an attacker can write any file anywhere in the filesystem via a maliciously crafted zip archive. Through this vulnerability, a threat actor can upload a payload file to the /etc/cron.d/ directory and execute arbitrary commands via the cron service.
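The root cause above, seen from the defender's side: an added example (not Fortinet's code or its fix) of an upload handler that checks every zip entry against a dedicated destination directory before extracting anything. The allowlisted file name, the function names and the sample archive are assumptions made for illustration.

```python
import io
import os
import stat
import zipfile

# Hypothetical policy (assumption): the upload may contain only these names.
ALLOWED_NAMES = {"license.key"}

def check_entries(zip_bytes, dest_root):
    """Return (accepted, rejected); rejected holds (entry name, reason)."""
    root = os.path.realpath(dest_root)
    accepted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            target = os.path.realpath(os.path.join(root, name))
            mode = info.external_attr >> 16  # Unix mode bits, if recorded
            if os.path.isabs(name):
                rejected.append((name, "absolute path"))
            elif os.path.commonpath([root, target]) != root:  # vacuous if root is "/"
                rejected.append((name, "escapes destination"))
            elif stat.S_ISLNK(mode):
                rejected.append((name, "symlink entry"))
            elif name not in ALLOWED_NAMES:
                rejected.append((name, "not an expected file"))
            else:
                accepted.append(name)
    return accepted, rejected

def extract_checked(zip_bytes, dest_root):
    """Extract only if every entry passes; never extract into '/'."""
    if os.path.realpath(dest_root) == os.path.sep:
        raise ValueError("refusing to extract into the filesystem root")
    accepted, rejected = check_entries(zip_bytes, dest_root)
    if rejected:
        raise ValueError(f"archive rejected: {rejected}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in accepted:
            with zf.open(name) as src, open(os.path.join(dest_root, name), "wb") as dst:
                dst.write(src.read())
    return accepted

def build_sample(names):
    """Constructed sample archive; every entry holds placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, "placeholder")
    return buf.getvalue()
```

When the destination is /, an entry such as etc/cron.d/job is an ordinary relative path, so the containment check alone cannot catch it; the dedicated directory and the allowlist are what block it.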

Risk description

A remote unauthenticated attacker can fully compromise the server to steal confidential information, install ransomware, or pivot to the internal network.

Recommendation

Upgrade to FortiNAC 7.2.0, 9.1.8, 9.2.6, or 9.4.1 and above.

Codename: Not available
Detectable with: Network Scanner
Exploitable with Sniper: No
Vuln date: Feb 2023
Published at:
Updated at:
Software Type: Network Access Control
Vendor: Fortinet
Product: FortiNAC