{"id":28811,"date":"2023-02-18T11:34:48","date_gmt":"2023-02-18T10:34:48","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=28811"},"modified":"2023-02-18T11:34:48","modified_gmt":"2023-02-18T10:34:48","slug":"fortinet-fixes-critical-rce-vulnerabilities-in-fortinac-and-fortiweb","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2023\/02\/18\/fortinet-fixes-critical-rce-vulnerabilities-in-fortinac-and-fortiweb\/","title":{"rendered":"Fortinet fixes critical RCE vulnerabilities in FortiNAC and FortiWeb"},"content":{"rendered":"

\"Sicherheit[German<\/a>]Administrators of Fortinet's FortiNAC and FortiWeb need to take action. The vendor released a security advisory this week and fixed critical RCE vulnerabilities. The question that arises: Why only now, isn't the vulnerability CVE-2021-42756 probably known since 2021? Is there something being exploited in the wild? Here is some information about it.<\/p>\n

<\/p>\n

\"\"I came across the issue in several places right away. In the following tweet<\/a>, the Horizon3 Attack Team points out the RCE vulnerability CVE-2022-39952, which allows an unauthenticated user to gain root user privileges in Fortinet FortiNAC.<\/p>\n

\"Fortinet<\/a><\/p>\n

And Will Dormann\u00a0raises in the following tweet<\/a> the question of why a security warning is coming now when CVE-2021-42756 was already assigned in 2021?<\/p>\n

\"CVE-2021-42756<\/a><\/p>\n

Fortigate has published security alert FG-IR-22-300<\/a> (FortiNAC – External Control of File Name or Path in keyUpload scriptlet) for vulnerability CVE-2022-39952<\/a> (CVSSv3 score 9.8, critical), writing that external control of the file name or path [CWE-73] in the FortiNAC web server could allow an unauthenticated attacker to perform arbitrary write operations on the system. This was uncovered by the internal security team. Affected are:<\/p>\n