Fortinet fixes critical RCE vulnerabilities in FortiNAC and FortiWeb

Sicherheit (Pexels, allgemeine Nutzung)[German]Administrators of Fortinet's FortiNAC and FortiWeb need to take action. The vendor released a security advisory this week and fixed critical RCE vulnerabilities. The question that arises: Why only now, isn't the vulnerability CVE-2021-42756 probably known since 2021? Is there something being exploited in the wild? Here is some information about it.


I came across the issue in several places right away. In the following tweet, the Horizon3 Attack Team points out the RCE vulnerability CVE-2022-39952, which allows an unauthenticated user to gain root user privileges in Fortinet FortiNAC.

Fortinet FortiNAC RCE CVE-2022-39952

And Will Dormann raises in the following tweet the question of why a security warning is coming now when CVE-2021-42756 was already assigned in 2021?

CVE-2021-42756 in Fortinet Fortigate

Fortigate has published security alert FG-IR-22-300 (FortiNAC – External Control of File Name or Path in keyUpload scriptlet) for vulnerability CVE-2022-39952 (CVSSv3 score 9.8, critical), writing that external control of the file name or path [CWE-73] in the FortiNAC web server could allow an unauthenticated attacker to perform arbitrary write operations on the system. This was uncovered by the internal security team. Affected are:


  • FortiNAC version 9.4.0
  • FortiNAC version 9.2.0 bis 9.2.5
  • FortiNAC version 9.1.0 bis 9.1.7
  • FortiNAC 8.8 all versions
  • FortiNAC 8.7 all versions
  • FortiNAC 8.6 all versions
  • FortiNAC 8.5 all versions
  • FortiNAC 8.3 all versions

As a result, the vendor has released security updates; subsequent versions no longer contain the vulnerability.

  • FortiNAC version 9.4.1 or higher
  • FortiNAC version 9.2.6 or higher
  • FortiNAC version 9.1.8 or higher
  • FortiNAC version 7.2.0 or higher

The colleagues at Bleeping Computer have addressed the issue in this post. There they also address the vulnerability CVE-2021-42756 (CVSS v3 score 9.3, critical) in FortiWeb (web application firewall).

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security, Software, Update and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *