Fortinet plugs critical security hole in FortiNAC, with a PoC incoming (CVE-2022-39952)

February 20, 2023

Fortinet has dropped fixes for 40 vulnerabilities in a variety of its products, including two critical vulnerabilities (CVE-2022-39952, CVE-2021-42756) affecting its FortiNAC and FortiWeb solutions.

Since cyberattackers love to exploit vulnerabilities in Fortinet enterprise solutions and a PoC exploit for CVE-2022-39952 is expected to be released soon, admins are advised to get a move on patching.

About the vulnerabilities

CVE-2022-39952 is an external control of file name or path vulnerability in the webserver of FortiNAC, Fortinet’s network access control solution. An unauthenticated attacker can exploit it to perform arbitrary writes on a vulnerable system.

Read More on Help Net Security