Fortinet has recently provided additional details about reports of attempted remote exploitation targeting a weakness in its FortiNAC solution for network access control (NAC).
The vulnerability, tracked as CVE-2022-39952, was discovered internally by Fortinet and patches were released on February 16. On February 21, both a proof-of-concept (PoC) exploit and technical details were made public. On the same day, honeypots operated by nonprofit cybersecurity organization Shadowserver started to detect exploitation attempts coming from multiple IPs.
Threat intelligence firm GreyNoise reported seeing ‘broad’ exploitation of CVE-2022-39952 from two IP addresses, while Chile-based security firm Cronup saw ‘mass exploitation’ from 10 IPs. Some attempts were designed to identify vulnerable FortiNAC systems, while others deployed a reverse shell.
Fortinet published a blog post on Thursday, telling customers that CVE-2022-39952 is a critical issue that needs to be patched immediately. However, the company clarified that the reports of mass exploitation of 711,000 devices are false. It also pointed out that the exploitation attempts seen by the cybersecurity industry might not actually be aimed at FortiNAC devices.
The actual impact from the exploitation of CVE-2022-39952 remains to be seen. However, it is important that FortiNAC users do not ignore the potential threat as sophisticated threat actors have been known to target Fortinet products in their attacks.
In conclusion, Fortinet has released clarifications regarding recent exploitation attempts targeting a vulnerability in its FortiNAC network access control (NAC) solution. While the company has stated that reports of mass exploitation of 711,000 devices are false, it is important that FortiNAC users take the necessary measures to protect their systems from potential attacks.
Key Points:
- Fortinet recently released clarifications regarding reports of remote exploitation attempts targeting a vulnerability in its FortiNAC network access control (NAC) solution.
- The vulnerability was discovered internally by Fortinet and patches were released on February 16.
- Reports of mass exploitation of 711,000 devices are false.
- The actual impact from the exploitation of CVE-2022-39952 remains to be seen.
- FortiNAC users should take the necessary measures to protect their systems from potential attacks.