The critical and many of the high-severity vulnerabilities were discovered internally by Fortinet. They can be exploited to execute arbitrary code with elevated privileges, execute arbitrary OS commands, perform administrative operations, obtain user passwords, launch XSS attacks, read and write files on the underlying Linux system, and hijack sessions, but many require authentication. The high-severity vulnerabilities for which patches were announced last week impact products such as FortiADC, FortiExtender, FortiNAC, FortiOS, FortiProxy, FortiSwitchManager, FortiWAN, and FortiWeb. There are hundreds of thousands of Fortinet systems that are exposed to the internet and many of them could be vulnerable to attacks exploiting CVE-2022-39952.įortinet’s advisories for CVE-2021-42756 and CVE-2022-39952 currently do not mention anything about exploitation in the wild. At the time of writing, there do not appear to be any attack attempts targeting CVE-2022-39952. Threat intelligence company GreyNoise has used information provided by Horizon3 to start monitoring the internet for attacks exploiting the vulnerability. Horizon3 also plans on releasing a proof-of-concept (PoC) exploit. The second critical advisory describes CVE-2022-39952, an external file name or path control issue in FortiNAC that can allow an unauthenticated attacker to write data on a system, which could result in arbitrary code execution.Īutonomous pentesting company Horizon3 announced that it will soon release a blog post detailing how CVE-2022-39952 can be exploited for remote code execution with root privileges.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |