Fortinet fixes critical vulnerabilities in FortiNAC and FortiWeb

Pierluigi Paganini February 17, 2023

Cybersecurity vendor Fortinet has addressed two critical vulnerabilities impacting its FortiNAC and FortiWeb products.

Cybersecurity firm Fortinet has released security updates to address two critical vulnerabilities in FortiNAC and FortiWeb solutions.

The two vulnerabilities, tracked as CVE-2022-39952 and CVE-2021-42756, are respectively an external control of file name or path in Fortinet FortiNAC and a collection of stack-based buffer overflow issues in the proxy daemon of FortiWeb.

The CVE-2022-39952 flaw (CVSS score of 9.8) is an external control of file name or path in the keyUpload scriptlet of FortiNAC. The vulnerability was internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security team.

“An external control of file name or path vulnerability [CWE-73] in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system.” reads the advisory.

The affected products are:

FortiNAC version 9.4.0
FortiNAC version 9.2.0 through 9.2.5
FortiNAC version 9.1.0 through 9.1.7
FortiNAC 8.8 all versions
FortiNAC 8.7 all versions
FortiNAC 8.6 all versions
FortiNAC 8.5 all versions
FortiNAC 8.3 all versions

The CVE-2022-39952 vulnerability is fixed in FortiNAC 9.4.1 and later, 9.2.6 and later, 9.1.8 and later, and 7.2.0 and later.

The second vulnerability, tracked as CVE-2021-42756 (CVSS v3 score of 9.3), affects FortiWeb. The issue was internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team.

“Multiple stack-based buffer overflow vulnerabilities [CWE-121] in FortiWeb’s proxy daemon may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests” reads the advisory.

Affected products are FortiWeb versions 5.x all versions, versions 6.0.7 and below, versions 6.1.2 and below, versions 6.2.6 and below, versions 6.3.16 and below, and versions 6.4 all versions.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Fortinet)



you might also like

leave a comment