Horizon3's Attack Team has released a PoC exploit for CVE-2022-39952, a critical vulnerability affecting Fortinet's network access control solution, FortiNAC. According to Zach Hanley, Chief Attack Engineer at Horizon3, "We use this vulnerability to write a cron job to /etc/cron.d/payload. This cron job gets triggered every minute and initiates a reverse shell to the attacker." Hanley also noted that attackers could overwrite and binary on the system that is regularly executed or SSH keys to a user profile. Greynoise has set up a tag to record CVE-2022-39952 exploitation attempts, but so far, none have been detected. To protect against this vulnerability, enterprise admins are advised to update their FortiNAC device(s) to version 9.4.1 or above, 9.2.6 or above, 9.1.8 or above, and 7.2.0 or above. As Hanley warned, "Arbitrary file write vulnerabilities can be abused in several ways to obtain remote code execution."
Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.
By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.
Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.