Security News
Fortinet has disclosed a "Critical" vulnerability impacting FortiOS and FortiProxy, which allows an unauthenticated attacker to execute arbitrary code or perform denial of service on the GUI of vulnerable devices using specially crafted requests. FortiOS version 7.2.0 through 7.2.3.
Threat actors are targeting Internet-exposed Fortinet appliances with exploits targeting CVE-2022-39952, an unauthenticated file path manipulation vulnerability in the FortiNAC webserver that can be abused for remote command execution. These attacks come one day after Horizon3 security researchers released proof-of-concept exploit code for the critical-severity flaw that will add a cron job to initiate a reverse shell on compromised systems as the root user.
Security researchers have released a proof-of-concept exploit for a critical-severity vulnerability in Fortinet's FortiNAC network access control suite. Proof-of-concept exploit code is also available from the company's repository on GitHub.
Security researchers have released a proof-of-concept exploit for a critical-severity vulnerability in Fortinet's FortiNAC network access control suite. Proof-of-concept exploit code is also available from the company's repository on GitHub.
Horizon3's Attack Team has released a PoC exploit for CVE-2022-39952, a critical vulnerability affecting FortiNAC, Fortinet's network access control solution. "Similar to the weaponization of previous archive vulnerability issues that allow arbitrary file write, we use this vulnerability to write a cron job to /etc/cron.d/payload. This cron job gets triggered every minute and initiates a reverse shell to the attacker," shared Zach Hanley, Chief Attack Engineer at Horizon3.
Fortinet has dropped fixes for 40 vulnerabilities in a variety of its products, including two critical vulnerabilities affecting its FortiNAC and FortiWeb solutions.Since cyberattackers love to exploit vulnerabilities in Fortinet enterprise solutions and a PoC exploit for CVE-2022-39952 is expected to be released soon, admins are advised to get a move on patching.
Fortinet has released security updates to address 40 vulnerabilities in its software lineup, including FortiWeb, FortiOS, FortiNAS, and FortiProxy, among others. Two of the 40 flaws are rated Critical, 15 are rated High, 22 are rated Medium, and one is rated Low in severity.
Cybersecurity solutions company Fortinet has released security updates for its FortiNAC and FortiWeb products, addressing two critical-severity vulnerabilities that may allow unauthenticated attackers to perform arbitrary code or command execution.FortiNAC is a network access control solution that helps organizations gain real-time network visibility, enforce security policies, and detect and mitigate threats.
The attackers were focused on maintaining persistence on exploited devices by using the custom malware to patch the FortiOS logging processes so that specific log entries could be removed or to disable the logging process altogether. Yesterday, Mandiant published a report about a suspected Chinese espionage campaign leveraging the FortiOS flaw since October 2022 using a new 'BOLDMOVE' malware explicitly designed for attacks on FortiOS devices.
A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider located in Africa. The intrusion vector in question relates to the exploitation of CVE-2022-42475, a heap-based buffer overflow vulnerability in FortiOS SSL-VPN that could result in unauthenticated remote code execution via specifically crafted requests.