Fortinet Clarifies Reports of CVE-2022-39952 Exploitation
February 24, 2023
Fortinet has provided clarifications following reports of exploitation attempts targeting the FortiNAC vulnerability CVE-2022-39952. Patches for the flaw were announced on February 16, and technical details and a proof-of-concept (PoC) exploit were made public by a cybersecurity company on February 21. Nonprofit cybersecurity organization Shadowserver and threat intelligence firm GreyNoise reported seeing exploitation attempts coming from multiple IPs. Fortinet clarified that "The fact is most organizations leverage FortiNAC in air-gapped environments that are not exposed to the internet. And while Fortinet has a vast cybersecurity portfolio and has shipped over 10M units, in reality, there aren’t 711,234 devices out there that are vulnerable." According to Fortinet, the exploitation attempts seen by the cybersecurity industry might not actually be aimed at FortiNAC devices. As quoted by Fortinet, "Cloud honeypot activity only shows attackers attempting to compromise some sort of device (not necessarily FortiNAC devices) with the externally provided POC code." The actual impact from the exploitation of CVE-2022-39952 remains to be seen, but Fortinet urges users to patch the vulnerability immediately.
Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.
By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.
Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.