External Control of File Name or Path in keyUpload scriptlet

Summary

An external control of file name or path vulnerability [CWE-73] in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system.

Affected Products

FortiNAC version 9.4.0
FortiNAC version 9.2.0 through 9.2.5
FortiNAC version 9.1.0 through 9.1.7
FortiNAC 8.8 all versions
FortiNAC 8.7 all versions
FortiNAC 8.6 all versions
FortiNAC 8.5 all versions
FortiNAC 8.3 all versions

Solutions

Please upgrade to FortiNAC version 9.4.1 or above
Please upgrade to FortiNAC version 9.2.6 or above
Please upgrade to FortiNAC version 9.1.8 or above
Please upgrade to FortiNAC F version 7.2.0 or above

Acknowledgement

Internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security team.

Timeline

2023-02-16: Initial publication