Information Security Specialists Record Attacks on a Fresh Vulnerability in FortiNAC

Written by Emma Davis

Experts have found that a fresh vulnerability in Fortinet FortiNAC, patched earlier this month, is already being exploited in attacks. Experts said that more than 700,000 devices are vulnerable to the problem, but Fortinet developers say the situation is not that dire.

As a reminder, last week researchers published a PoC exploit for a critical vulnerability (CVE-2022-39952) in Fortinet FortiNAC. The issue is an external control of file name or path in FortiNAC. It is rated 9.8 out of 10 on the CVSS scale and allows an unauthenticated attacker to write arbitrary files to the system, which can also lead to the execution of arbitrary code.

We also wrote earlier that Fortinet Informs Customers about a Critical Vulnerability.

GreyNoise and CronUp experts reported that the vulnerability was exploited in attacks. According to them, the exploitation was widespread and was used to open reverse shells, as well as create fortii.jsp and shell.jsp web shells in the bsc/campusMgr/ui/ROOT/ folder on compromised devices.
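A triage check for the indicators described above, as an added example that is not part of the original article or any vendor tooling. The function name `scan_webroot`, the `BASE` argument (the directory that contains the `bsc/` tree, on a live appliance or a mounted image) and the 30-day window are assumptions; only the folder and the two file names come from the article.

```shell
#!/bin/sh
# Added example: look for the web shells named in the article under the
# FortiNAC web root, plus any other recently written JSP file.

WEBROOT_REL="bsc/campusMgr/ui/ROOT"   # folder named in the article
KNOWN_SHELLS="fortii.jsp shell.jsp"   # file names named in the article

# scan_webroot BASE [RECENT_DAYS]
# BASE (assumption): directory holding the bsc/ tree.
# RECENT_DAYS (assumption): triage window for "recently modified", default 30.
# Prints one finding per line: "KNOWN <path>" or "RECENT <path>".
# Returns 0 when clean, 1 when there are findings, 2 when the web root is missing.
scan_webroot() {
    base=$1
    days=${2:-30}
    root="$base/$WEBROOT_REL"
    if [ ! -d "$root" ]; then
        echo "ERROR web root not found: $root" >&2
        return 2
    fi

    findings=$(
        # 1. Names reported in the attacks, matched case-insensitively at any depth.
        for name in $KNOWN_SHELLS; do
            find "$root" -type f -iname "$name" -print | sed 's/^/KNOWN /'
        done
        # 2. Other JSP files modified inside the window. Files shipped with the
        #    product normally carry an install-time mtime, so a fresh JSP deserves
        #    review. mtime can be forged, so an empty result is not proof of a
        #    clean system.
        find "$root" -type f -iname '*.jsp' -mtime "-$days" \
            ! -iname 'fortii.jsp' ! -iname 'shell.jsp' -print | sed 's/^/RECENT /'
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use: sh scan.sh BASE [RECENT_DAYS]
if [ "$#" -gt 0 ]; then
    scan_webroot "$@"
fi
```

A finding is a reason to preserve the file and the web server logs for investigation, not only to delete it, since the article reports that reverse shells were opened through the same vulnerability.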

The researchers emphasized that “the vulnerability is critical and key to the cybersecurity ecosystem, as it primarily allows initial access to corporate networks.”

Fortinet ended up publishing a blog post informing customers that CVE-2022-39952 is a critical issue that really needs to be fixed immediately.

At the same time, many reports and articles published after the disclosure of CVE-2022-39952 mentioned a Shodan search that showed more than 700,000 Fortinet devices connected to the Internet. However, this does not mean that all these devices are vulnerable to CVE-2022-39952 and attacks. Fortinet emphasizes that some of the “sensational reports” of experts about the potential exploitation of 711,000 devices are not true.

“These reports are false. The fact is that most organizations use FortiNAC in isolated environments that are not connected to the Internet. While Fortinet has a strong cybersecurity portfolio and has shipped over 10 million devices, the number of vulnerable devices is estimated at about 711,234. The messages are not true,” the company said.

Information security specialists also wrote about an exploit for Fortinet products which affects FortiGate firewalls, FortiProxy web proxy, and FortiSwitch Manager.


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing from Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
