Critical vulnerability in Fortinet products

https://www.fortiguard.com/psirt/FG-IR-22-300

Summary

An external control of file name or path vulnerability [CWE-73] in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system.

Affected Products

FortiNAC version 9.4.0
FortiNAC version 9.2.0 through 9.2.5
FortiNAC version 9.1.0 through 9.1.7
FortiNAC 8.8 all versions
FortiNAC 8.7 all versions
FortiNAC 8.6 all versions
FortiNAC 8.5 all versions
FortiNAC 8.3 all versions

Related posts:

Critical vulnerability in Fortinet products Cisco Secure Client Carriage Return Line Feed Injection Vulnerability Patch your confluence if it’s not done yet Cisco Duo Authentication for Windows Logon and RDP Information Disclosure Vulnerability