SB2023021902 - Multiple vulnerabilities in FortiNAC

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) External Control of File Name or Path (CVE-ID: CVE-2022-39952)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to application allows an attacker to control path of the files to write within the keyUpload scriptlet. A remote non-authenticated attacker can send a specially crafted HTTP request and upload arbitrary files to the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.

2) OS Command Injection (CVE-ID: CVE-2022-40677)

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the FortiNAC webserver. A remote privileged user can pass specially crafted data to the application and execute arbitrary OS commands on the system.

3) Insufficiently protected credentials (CVE-ID: CVE-2022-40678)

The vulnerability allows a local user to recover passwords from database.

The vulnerability exists due to FortiNAC stores users' passwords in an insecure way. A local user with access to the database can recover passwords and escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://fortiguard.com/psirt/FG-IR-22-300
• https://fortiguard.com/psirt/FG-IR-22-280
• https://fortiguard.com/psirt/FG-IR-22-265