FortiNAC - External Control of File Name or Path in keyUpload scriptlet
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-22-300
Final
1
1
2023-02-16T00:00:00
Current version
2023-02-16T00:00:00
2023-02-16T00:00:00
An external control of file name or path vulnerability [CWE-73] in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system.
None
Execute unauthorized code or commands
FortiNAC version 9.4.0FortiNAC version 9.2.0 through 9.2.5FortiNAC version 9.1.0 through 9.1.7FortiNAC 8.8 all versionsFortiNAC 8.7 all versionsFortiNAC 8.6 all versionsFortiNAC 8.5 all versionsFortiNAC 8.3 all versions
Please upgrade to FortiNAC version 9.4.1 or above Please upgrade to FortiNAC version 9.2.6 or above Please upgrade to FortiNAC version 9.1.8 or above Please upgrade to FortiNAC F version 7.2.0 or above
Internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security team.
FortiNAC 9.4.0
FortiNAC 9.2.5
FortiNAC 9.2.4
FortiNAC 9.2.3
FortiNAC 9.2.2
FortiNAC 9.2.1
FortiNAC 9.2.0
FortiNAC 9.1.7
FortiNAC 9.1.6
FortiNAC 9.1.5
FortiNAC 9.1.4
FortiNAC 9.1.3
FortiNAC 9.1.2
FortiNAC 9.1.1
FortiNAC 9.1.0
FortiNAC 8.8.11
FortiNAC 8.8.10
FortiNAC 8.8.9
FortiNAC 8.8.8
FortiNAC 8.8.7
FortiNAC 8.8.6
FortiNAC 8.8.5
FortiNAC 8.8.4
FortiNAC 8.8.3
FortiNAC 8.8.2
FortiNAC 8.8.1
FortiNAC 8.8.0
FortiNAC 8.7.6
FortiNAC 8.7.5
FortiNAC 8.7.4
FortiNAC 8.7.3
FortiNAC 8.7.2
FortiNAC 8.7.1
FortiNAC 8.7.0
FortiNAC 8.6.5
FortiNAC 8.6.4
FortiNAC 8.6.3
FortiNAC 8.6.2
FortiNAC 8.6.1
FortiNAC 8.6.0
FortiNAC 8.5.4
FortiNAC 8.5.3
FortiNAC 8.5.2
FortiNAC 8.5.1
FortiNAC 8.5.0
FortiNAC 8.3.7
FortiNAC - External Control of File Name or Path in keyUpload scriptlet
CVE-2022-39952
FortiNAC-9.4.0
FortiNAC-9.2.5
FortiNAC-9.2.4
FortiNAC-9.2.3
FortiNAC-9.2.2
FortiNAC-9.2.1
FortiNAC-9.2.0
FortiNAC-9.1.7
FortiNAC-9.1.6
FortiNAC-9.1.5
FortiNAC-9.1.4
FortiNAC-9.1.3
FortiNAC-9.1.2
FortiNAC-9.1.1
FortiNAC-9.1.0
FortiNAC-8.8.11
FortiNAC-8.8.10
FortiNAC-8.8.9
FortiNAC-8.8.8
FortiNAC-8.8.7
FortiNAC-8.8.6
FortiNAC-8.8.5
FortiNAC-8.8.4
FortiNAC-8.8.3
FortiNAC-8.8.2
FortiNAC-8.8.1
FortiNAC-8.8.0
FortiNAC-8.7.6
FortiNAC-8.7.5
FortiNAC-8.7.4
FortiNAC-8.7.3
FortiNAC-8.7.2
FortiNAC-8.7.1
FortiNAC-8.7.0
FortiNAC-8.6.5
FortiNAC-8.6.4
FortiNAC-8.6.3
FortiNAC-8.6.2
FortiNAC-8.6.1
FortiNAC-8.6.0
FortiNAC-8.5.4
FortiNAC-8.5.3
FortiNAC-8.5.2
FortiNAC-8.5.1
FortiNAC-8.5.0
FortiNAC-8.3.7
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C
https://fortiguard.fortinet.com/psirt/FG-IR-22-300
FortiNAC - External Control of File Name or Path in keyUpload scriptlet
Reference>