Following what the company referred to as “sensationalized reports” regarding recent exploitation attempts targeting a vulnerability in its FortiNAC network access control (NAC) product, Fortinet has provided some crucial clarifications.
A remote, unauthenticated attacker can exploit the vulnerability, tracked as CVE-2022-39952, to execute arbitrary code. Fortinet discovered the problem internally. The flaw was patched on February 16, and a cybersecurity firm released technical information and a proof-of-concept (PoC) exploit on February 21.
The same day, nonprofit cybersecurity group Shadowserver reported that its honeypots were seeing exploitation attempts from numerous IP addresses. The following day, threat intelligence company GreyNoise noted “broad” CVE-2022-39952 exploitation from two IP addresses.