You are currently viewing FortiNAC – External Control of File Name or Path in key Upload scriptlet

FortiNAC – External Control of File Name or Path in key Upload scriptlet

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request. Ref https://www.fortiguard.com/psirt/FG-IR-22-300?is=2cc6d9fee63e51b4df67755c8a11cab81fce9792ae437cda7111604e302c9ce2