Fortinet Clarifies Reports of CVE-2022-39952 Exploitation

February 24, 2023

Fortinet has provided clarifications following reports of exploitation attempts targeting the FortiNAC vulnerability CVE-2022-39952. Patches for the flaw were announced on February 16, and technical details and a proof-of-concept (PoC) exploit were made public by a cybersecurity company on February 21. Nonprofit cybersecurity organization Shadowserver and threat intelligence firm GreyNoise reported seeing exploitation attempts coming from multiple IPs. Fortinet clarified that "The fact is most organizations leverage FortiNAC in air-gapped environments that are not exposed to the internet. And while Fortinet has a vast cybersecurity portfolio and has shipped over 10M units, in reality, there aren’t 711,234 devices out there that are vulnerable." According to Fortinet, the exploitation attempts seen by the cybersecurity industry might not actually be aimed at FortiNAC devices. As quoted by Fortinet, "Cloud honeypot activity only shows attackers attempting to compromise some sort of device (not necessarily FortiNAC devices) with the externally provided POC code." The actual impact from the exploitation of CVE-2022-39952 remains to be seen, but Fortinet urges users to patch the vulnerability immediately.

Related News

• Critical Vulnerability in FortiNAC Exploited
• Fortinet Releases Security Updates for FortiNAC and FortiWeb

Latest News

• Hundreds of Popular Container Images Contain Hidden Vulnerabilities
• Weaponizing of CVE-2022-47966 Vulnerability Detected
• Cisco Patches High-Severity Vulnerabilities in ACI Software
• Hundreds of R1Soft Servers Compromised Through CVE-2022-36537
• CISA Warns of Exploited Mitel MiVoice Connect Vulnerabilities