Horizon3ai’s Chief Attack Engineer Zach Hanley and the Horizon3.ai Red Team have just published Fortinet FortiNAC CVE-2022-39952 Deep-Dive and IOCs, with indicators of compromise and a link to the team’s proof of concept on GitHub.
FortiNAC is Fortinet’s network access control solution that “enhances the Fortinet Security Fabric with visibility, control, and automated response for everything that connects to the network. FortiNAC provides protection against IoT threats, extends control to third-party devices, and orchestrates automatic response to a wide range of networking events,” Fortinet’s website notes.
The FortiNAC CVE-2022-39952 allows an unauthenticated attacker to write arbitrary files on the system and as a result obtain remote code execution in the context of the root user.
You can read the deep dive here: https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
Related
This entry was posted on February 21, 2023 at 8:53 am and is filed under Commentary with tags horizon3.ai. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Fortinet FortiNAC CVE-2022-39952 Deep-Dive and IOCs published by Horizon3.ai
Horizon3ai’s Chief Attack Engineer Zach Hanley and the Horizon3.ai Red Team have just published Fortinet FortiNAC CVE-2022-39952 Deep-Dive and IOCs, with indicators of compromise and a link to the team’s proof of concept on GitHub.
FortiNAC is Fortinet’s network access control solution that “enhances the Fortinet Security Fabric with visibility, control, and automated response for everything that connects to the network. FortiNAC provides protection against IoT threats, extends control to third-party devices, and orchestrates automatic response to a wide range of networking events,” Fortinet’s website notes.
The FortiNAC CVE-2022-39952 allows an unauthenticated attacker to write arbitrary files on the system and as a result obtain remote code execution in the context of the root user.
You can read the deep dive here: https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
Share this:
Like this:
Related
This entry was posted on February 21, 2023 at 8:53 am and is filed under Commentary with tags horizon3.ai. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.