Fortinet has released fixes for 40 vulnerabilities in a variety of its products, including two critical vulnerabilities (CVE-2022-39952, CVE-2021-42756) affecting its FortiNAC and FortiWeb solutions.
Since cyberattackers love to exploit vulnerabilities in Fortinet enterprise solutions and a PoC exploit for CVE-2022-39952 is expected to be released soon, admins are advised to get a move on patching.
About the vulnerabilities
CVE-2022-39952 is an external control of file name or path vulnerability in the webserver of FortiNAC, Fortinet’s network access control solution. It can be exploited by an unauthenticated attacker to perform an arbitrary write on a vulnerable system.