Share 
## https://sploitus.com/exploit?id=SAINT:3D9272E5DF5B68BC6BFFAC8C65DC1FDF
Added: 02/24/2023  


### Background

FortiNAC is a network access control solution. 

### Problem

A vulnerability in the `**keyUpload.jsp**` resource allows remote attackers to write arbitrary files by uploading a specially crafted zip file, leading to command execution. 

### Resolution

Upgrade to FortiNAC 7.2.0, 9.1.8, 9.2.6, 9.4.1 or higher. 

### References

https://www.fortiguard.com/psirt/FG-IR-22-300   
https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/   


### Platforms

FortiNAC