WEB FortiNAC keyUpload Scriptlet Arbitrary File Write (CVE-2022-39952)

Rule ID

1232248

Severity

Critical

Description

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.

Impact

Remote command execution

Recommendation

Update vendor's patch.

IPS Category

Web threats

IPS Anomaly Group

N/A

IPS Rule Default Action

Deny

References

CVE-2022-39952

msf

T1059.004

T1190

T1543

T1574

T0819

Keywords

N/A

Date Created

2023/02/22

Last Updated

2023/03/15

This website uses cookies to ensure you get the best experience on our website.

Learn more