top of page

FortiNAC Vulnerability: Hackers Get the Key to Your Castle - CVE-2022-39952

Imagine having a burglar knock on your door and ask if they can come in and steal your valuables. Sounds absurd, right? Well, that's essentially what the latest cybersecurity threat, CVE-2022-39952, allows for.

This critical vulnerability in the Fortinet FortiNAC system, with a CVSS score of 9.8 out of 10, gives hackers the equivalent of a skeleton key to your digital front door, allowing them to execute unauthorised code and commands on your network without even needing a password. It's like inviting a thief into your home and handing them the combination to your safe.

In this blog post, we'll take a closer look at CVE-2022-39952 and explore what you can do to protect your organization from this latest threat.

What is it?

This vulnerability is caused by a file named "keyUpload.jsp" found in vulnerable versions of Fortinet FortiNAC. The scriptlet has a feature that allows users to upload arbitrary files. The uploaded file is saved to "/bsc/campusMgr/config/upload.applianceKey".

Why Should I Care?

If you work in an organization that uses Fortinet FortiNAC, this should be of utmost concern to you. An attacker can exploit this vulnerability to create cronjobs or upload malicious SSH keys, allowing for the threat actor to get remote control of the device or upload potential malware. By sending specially crafted packets to the targeted system, a buffer overflow condition is triggered that can then be used by an attacker to execute arbitrary code or commands on the system with the privileges of the vulnerable process.

To exploit this vulnerability, the attacker would need to have access to the network where the vulnerable system is located. They could also use a phishing email or other social engineering techniques to trick a user into clicking on a link or opening a file that contains the exploit code.

As observed by Cytidel in previous intel reports, this FortiNAC vulnerability continues to see an exploitability score increase after a public exploit PoC was released earlier this year. The EPSS score has increased significantly from 9.03% and 16.53% in February and March 2023, to 96.59% in May 2023. It is now the number one most exploited vulnerability in the last 90days.

What Can I Do?

The best way to mitigate this vulnerability is to upgrade to FortiNAC versions 9.4.1, 9.2.6, 9.1.8, or 7.2.0. Additionally, it is essential to ensure that all employees and users are aware of the potential risks posed by phishing emails and social engineering attacks. Training and awareness campaigns can help employees identify and report suspicious activities that could lead to a potential data breach.

Keep your organisation ahead of threats with Cytidel Threat Intelligence

To find out more about Cytidel’s threat intelligence offering, visit:

Stay safe and secure!

The Cytidel Threat Intelligence Team

12 views0 comments
bottom of page