FortiNAC keyUpload.jsp command execution

Added: 02/24/2023

Background

FortiNAC is a network access control solution.

Problem

A vulnerability in the keyUpload.jsp resource allows remote attackers to write arbitrary files by uploading a specially crafted zip file, leading to command execution.

Resolution

Upgrade to FortiNAC 7.2.0, 9.1.8, 9.2.6, 9.4.1 or higher.

References

https://www.fortiguard.com/psirt/FG-IR-22-300
https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/

Platforms

FortiNAC
