Security News

New Fortinet's FortiNAC Vulnerability Exposes Networks to Code Execution Attacks

2023-06-27 05:35

Fortinet has rolled out updates to address a critical security vulnerability impacting its FortiNAC network access control solution that could lead to the execution of arbitrary code. "A deserialization of untrusted data vulnerability [CWE-502] in FortiNAC may allow an unauthenticated user to execute unauthorized code or commands via specifically crafted requests to the tcp/1050 service," Fortinet said in an advisory published last week.

#attack #codeexecution #fortinac #fortinet #vulnerability #CVE-2023-33300

Fortinet fixes critical FortiNAC remote command execution flaw

2023-06-23 12:42

Cybersecurity solutions company Fortinet has updated its zero-trust access solution FortiNAC to address a critical-severity vulnerability that attackers could leverage to execute code and commands. FortiNAC is a allows organizations to manage network-wide access policies, gain visibility of devices and users, and secure the network against unauthorized access and threats.

#critical #fortinac #fortinet #remote #CVE-2022-39952 #CVE-2023-33300

PoC exploit, IoCs for Fortinet FortiNAC RCE released (CVE-2022-39952)

2023-02-21 14:25

Horizon3's Attack Team has released a PoC exploit for CVE-2022-39952, a critical vulnerability affecting FortiNAC, Fortinet's network access control solution. "Similar to the weaponization of previous archive vulnerability issues that allow arbitrary file write, we use this vulnerability to write a cron job to /etc/cron.d/payload. This cron job gets triggered every minute and initiates a reverse shell to the attacker," shared Zach Hanley, Chief Attack Engineer at Horizon3.

#exploit #fortinac #fortinet #POC #RCE #CVE-2022-39952

Fortinet plugs critical security hole in FortiNAC, with a PoC incoming (CVE-2022-39952)

2023-02-20 06:00

Fortinet has dropped fixes for 40 vulnerabilities in a variety of its products, including two critical vulnerabilities affecting its FortiNAC and FortiWeb solutions.Since cyberattackers love to exploit vulnerabilities in Fortinet enterprise solutions and a PoC exploit for CVE-2022-39952 is expected to be released soon, admins are advised to get a move on patching.

#fortinet #security #POC #critical #fortinac #CVE-2022-39952

Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiNAC, and FortiProxy

2023-02-19 06:27

Fortinet has released security updates to address 40 vulnerabilities in its software lineup, including FortiWeb, FortiOS, FortiNAS, and FortiProxy, among others. Two of the 40 flaws are rated Critical, 15 are rated High, 22 are rated Medium, and one is rated Low in severity.

#fortinac #fortinet #fortios #CVE-2021-42756

Fortinet fixes critical RCE flaws in FortiNAC and FortiWeb

2023-02-17 14:13

Cybersecurity solutions company Fortinet has released security updates for its FortiNAC and FortiWeb products, addressing two critical-severity vulnerabilities that may allow unauthenticated attackers to perform arbitrary code or command execution.FortiNAC is a network access control solution that helps organizations gain real-time network visibility, enforce security policies, and detect and mitigate threats.

#critical #fortinac #fortinet #RCE #CVE-2022-39952 #CVE-2021-42756

Security News {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Security News"}]}