External Control of File Name or Path in keyUpload scriptlet

External Control of File Name or Path in keyUpload scriptlet Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-22-300 Final 1 1 2023-02-16T00:00:00 Current version 2023-02-16T00:00:00 2023-02-16T00:00:00 An external control of file name or path vulnerability [CWE-73] in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system. None Execute unauthorized code or commands FortiNAC version 9.4.0FortiNAC version 9.2.0 through 9.2.5FortiNAC version 9.1.0 through 9.1.7FortiNAC 8.8 all versionsFortiNAC 8.7 all versionsFortiNAC 8.6 all versionsFortiNAC 8.5 all versionsFortiNAC 8.3 all versionsFortiNAC 7.2 all versions are not affected Please upgrade to FortiNAC version 9.4.1 or abovePlease upgrade to FortiNAC version 9.2.6 or abovePlease upgrade to FortiNAC version 9.1.8 or abovePlease upgrade to FortiNAC F version 7.2.0 or above Internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security team. FortiNAC 9.4.0 FortiNAC 9.2.5 FortiNAC 9.2.4 FortiNAC 9.2.3 FortiNAC 9.2.2 FortiNAC 9.2.1 FortiNAC 9.2.0 FortiNAC 9.1.7 FortiNAC 9.1.6 FortiNAC 9.1.5 FortiNAC 9.1.4 FortiNAC 9.1.3 FortiNAC 9.1.2 FortiNAC 9.1.1 FortiNAC 9.1.0 FortiNAC 8.8.11 FortiNAC 8.8.10 FortiNAC 8.8.9 FortiNAC 8.8.8 FortiNAC 8.8.7 FortiNAC 8.8.6 FortiNAC 8.8.5 FortiNAC 8.8.4 FortiNAC 8.8.3 FortiNAC 8.8.2 FortiNAC 8.8.1 FortiNAC 8.8.0 FortiNAC 8.7.6 FortiNAC 8.7.5 FortiNAC 8.7.4 FortiNAC 8.7.3 FortiNAC 8.7.2 FortiNAC 8.7.1 FortiNAC 8.7.0 FortiNAC 8.6.5 FortiNAC 8.6.4 FortiNAC 8.6.3 FortiNAC 8.6.2 FortiNAC 8.6.1 FortiNAC 8.6.0 FortiNAC 8.5.4 FortiNAC 8.5.3 FortiNAC 8.5.2 FortiNAC 8.5.1 FortiNAC 8.5.0 FortiNAC 8.3.7 External Control of File Name or Path in keyUpload scriptlet CVE-2022-39952 FortiNAC-9.4.0 FortiNAC-9.2.5 FortiNAC-9.2.4 FortiNAC-9.2.3 FortiNAC-9.2.2 FortiNAC-9.2.1 FortiNAC-9.2.0 FortiNAC-9.1.7 FortiNAC-9.1.6 FortiNAC-9.1.5 FortiNAC-9.1.4 FortiNAC-9.1.3 FortiNAC-9.1.2 FortiNAC-9.1.1 FortiNAC-9.1.0 FortiNAC-8.8.11 FortiNAC-8.8.10 FortiNAC-8.8.9 FortiNAC-8.8.8 FortiNAC-8.8.7 FortiNAC-8.8.6 FortiNAC-8.8.5 FortiNAC-8.8.4 FortiNAC-8.8.3 FortiNAC-8.8.2 FortiNAC-8.8.1 FortiNAC-8.8.0 FortiNAC-8.7.6 FortiNAC-8.7.5 FortiNAC-8.7.4 FortiNAC-8.7.3 FortiNAC-8.7.2 FortiNAC-8.7.1 FortiNAC-8.7.0 FortiNAC-8.6.5 FortiNAC-8.6.4 FortiNAC-8.6.3 FortiNAC-8.6.2 FortiNAC-8.6.1 FortiNAC-8.6.0 FortiNAC-8.5.4 FortiNAC-8.5.3 FortiNAC-8.5.2 FortiNAC-8.5.1 FortiNAC-8.5.0 FortiNAC-8.3.7 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-22-300 External Control of File Name or Path in keyUpload scriptlet Reference>