[German]Administrators of Fortinet's FortiNAC and FortiWeb need to take action. The vendor released a security advisory this week and fixed critical RCE vulnerabilities. The question that arises: Why only now, isn't the vulnerability CVE-2021-42756 probably known since 2021? Is there something being exploited in the wild? Here is some information about it.
I came across the issue in several places right away. In the following tweet, the Horizon3 Attack Team points out the RCE vulnerability CVE-2022-39952, which allows an unauthenticated user to gain root user privileges in Fortinet FortiNAC.
And Will Dormann raises in the following tweet the question of why a security warning is coming now when CVE-2021-42756 was already assigned in 2021?
Fortigate has published security alert FG-IR-22-300 (FortiNAC – External Control of File Name or Path in keyUpload scriptlet) for vulnerability CVE-2022-39952 (CVSSv3 score 9.8, critical), writing that external control of the file name or path [CWE-73] in the FortiNAC web server could allow an unauthenticated attacker to perform arbitrary write operations on the system. This was uncovered by the internal security team. Affected are:
- FortiNAC version 9.4.0
- FortiNAC version 9.2.0 bis 9.2.5
- FortiNAC version 9.1.0 bis 9.1.7
- FortiNAC 8.8 all versions
- FortiNAC 8.7 all versions
- FortiNAC 8.6 all versions
- FortiNAC 8.5 all versions
- FortiNAC 8.3 all versions
As a result, the vendor has released security updates; subsequent versions no longer contain the vulnerability.
- FortiNAC version 9.4.1 or higher
- FortiNAC version 9.2.6 or higher
- FortiNAC version 9.1.8 or higher
- FortiNAC version 7.2.0 or higher
The colleagues at Bleeping Computer have addressed the issue in this post. There they also address the vulnerability CVE-2021-42756 (CVSS v3 score 9.3, critical) in FortiWeb (web application firewall).
Cookies helps to fund this blog: Cookie settings