WEB FortiNAC keyUpload Scriptlet Arbitrary File Write (CVE-2022-39952)
Rule ID
1232248
Severity
Critical
Description
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.
Impact
Remote command execution
Recommendation
Update vendor's patch.
IPS Category
Web threats
IPS Anomaly Group
N/A
IPS Rule Default Action
Deny
References
Keywords
N/A
Date Created
2023/02/22
Last Updated
2023/03/15
This website uses cookies to ensure you get the best experience on our website.
Learn more