FortiNAC - External Control of File Name or Path in keyUpload scriptlet
Summary
An external control of file name or path vulnerability [CWE-73] in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system.
Affected Products
FortiNAC version 9.4.0FortiNAC version 9.2.0 through 9.2.5
FortiNAC version 9.1.0 through 9.1.7
FortiNAC 8.8 all versions
FortiNAC 8.7 all versions
FortiNAC 8.6 all versions
FortiNAC 8.5 all versions
FortiNAC 8.3 all versions
Solutions
Please upgrade to FortiNAC version 9.4.1 or above
Please upgrade to FortiNAC version 9.2.6 or above
Please upgrade to FortiNAC version 9.1.8 or above
Please upgrade to FortiNAC F version 7.2.0 or above