February 22 - UPDATED THREAT INTELLIGENCE:
Shadowserver reports that CVE-2022-39952 has been exploited in the wild.
Multiple vulnerabilities have been discovered in FortiNAC, the most severe of which could allow for arbitrary code execution. Details of these vulnerabilities are as follows:
Tactic: Initial Access (TA0001):
Technique: Exploit Public-Facing Application (T1190):
Details of lower-severity vulnerabilities are as follows:
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the affected service account. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those that operate with administrative user rights.
We recommend the following actions be taken: