Exploit for FortiNAC keyUpload.jsp command execution CVE-2022-39952

Name: Exploit for FortiNAC keyUpload.jsp command execution CVE-2022-39952
Rating: 5 (54 reviews)

2023-02-24 | CVSS 7.5

## https://sploitus.com/exploit?id=SAINT:3D9272E5DF5B68BC6BFFAC8C65DC1FDF
Added: 02/24/2023  


### Background

[FortiNAC](<https://www.fortinet.com/products/network-access-control>) is a network access control solution. 

### Problem

A vulnerability in the `**keyUpload.jsp**` resource allows remote attackers to write arbitrary files by uploading a specially crafted zip file, leading to command execution. 

### Resolution

Upgrade to FortiNAC 7.2.0, 9.1.8, 9.2.6, 9.4.1 or higher. 

### References

<https://www.fortiguard.com/psirt/FG-IR-22-300>  
<https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/>  


### Platforms

FortiNAC