Fortinet FortiNAC vulnerability exploited in wild days after patch release

Exploitation in the wild of the Fortinet FortiNAC vulnerability tracked as CVE-2022-39952 was seen just days after the patch was announced, and a proof-of-concept (PoC) exploit was published on the same day.

Fortinet published 40 security advisories on February 16, including one describing a critical vulnerability in the company’s FortiNAC network access control (NAC) solution. The security hole was discovered internally by Fortinet. The flaw, an external filename and path issue, could be exploited by an unauthenticated attacker to write data to the system, which could lead to arbitrary code execution.

On February 21, autonomous pentesting company Horizon3 published a blog post detailing how CVE-2022-39952 can be exploited and also released an exploit PoC.
