FortiNAC keyUpload.jsp command execution
Added: 02/24/2023
Background
FortiNAC is a network access control solution.
Problem
A vulnerability in the keyUpload.jsp resource allows remote attackers to write arbitrary files by uploading a specially crafted zip file, leading to command execution.
Resolution
Upgrade to FortiNAC 7.2.0, 9.1.8, 9.2.6, 9.4.1 or higher.
References
https://www.fortiguard.com/psirt/FG-IR-22-300
https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
Platforms
FortiNAC