Security News > 2023 > February > Exploit released for critical Fortinet RCE flaws, patch now
Security researchers have released a proof-of-concept exploit for a critical-severity vulnerability in Fortinet's FortiNAC network access control suite.
Proof-of-concept exploit code is also available from the company's repository on GitHub.
The analysts discovered that the fix for CVE-2022-39952 removed 'keyUpload.jsp,' an endpoint that parses requests for a 'key' parameter, writes it on a config file, and then executes a bash script, 'configApplianceXml.
The bash script executes the 'unzip' command on the newly written file, but just before that, the script calls "Cd /.".
"Because the working directory is /, the call unzip inside the bash script allows any arbitrary file to be written," the researchers added.
The 'key' parameter ensures that the malicious request will reach 'keyUpload.jsp,' which is the unauthenticated endpoint that Fortinet removed in the fixed versions of FortiNAC. The code from Horizon3 automates this process and could be picked up and modified by threat actors into a weaponized exploit.
News URL
Related news
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- HPE warns of critical RCE flaws in Aruba Networking access points (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-16 | CVE-2022-39952 | Exposure of Resource to Wrong Sphere vulnerability in Fortinet Fortinac A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request. | 9.8 |