Security researchers have published a proof-of-concept exploit for a major vulnerability (CVE-2022-39952) in Fortinet’s FortiNAC network access control suite. Organisations running FortiNAC 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, or any version on the 8.8, 8.7, 8.6, 8.5, and 8.3 branches are advised to prioritize installing the available security updates.
Fortinet disclosed the flaw on February 16, and it was given a severity rating of 9.8. The vendor warned that an unauthenticated attacker may use it to write arbitrary files on the system and execute code remotely with root privileges.