FortiNAC - Stored XSS triggering RCE via license key forgery

Summary

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses.

Affected Products

FortiNAC-F version 7.2.0
FortiNAC version 9.4.0 through 9.4.2
FortiNAC 9.2 all versions
FortiNAC 9.1 all versions
FortiNAC 8.8 all versions
FortiNAC 8.7 all versions

Solutions

Please upgrade to FortiNAC-F version 7.2.1 or above
Please upgrade to FortiNAC version 9.4.3 or above

Acknowledgement

Fortinet is pleased to thank Ilya "E Liu Ha" Polyakov, Angara Security for bringing this issue to our attention under responsible disclosure.

Timeline

2023-04-13: Initial publication