
Critical Fortinet FortiNAC vulnerability under active exploitation

Attacks on internet-exposed Fortinet FortiNAC appliances that exploit the already-patched critical flaw tracked as CVE-2022-39952 began just a day after Horizon3 security researchers released proof-of-concept exploit code, reports BleepingComputer. Shadowserver Foundation researchers first observed CVE-2022-39952 exploits being used against vulnerable FortiNAC instances on Tuesday, and their findings were later verified by CronUp and GreyNoise. Widespread attacks exploiting the flaw are ongoing, with the intrusions corresponding to the PoC exploit capabilities detailed by Horizon3, said CronUp security researcher German Fernandez. "This vulnerability is critical and key in the Cybersecurity ecosystem, since in the first instance, it could allow initial access to the corporate network," added Fernandez. CronUp also noted that attackers leveraging the flaw were using cron jobs to open reverse shells to their IP addresses. The exploitation of the Fortinet FortiNAC vulnerability comes after government entities and other government-linked targets were subjected to attacks with a FortiOS SSL-VPN zero-day, tracked as CVE-2022-42475, which was patched in December.
