Threat Watch

Hackers use Fake Certificate to Hide Attack

Fortinet has released security updates for its FortiNAC and FortiWeb products. The updates address two critical-severity vulnerabilities that may allow unauthenticated attackers to perform arbitrary code or command execution. The first flaw, impacting FortiNAC, is tracked as CVE-2022-39952 and has a CVSS score of 9.8. FortiNAC is a network access control solution that helps organizations gain real-time network visibility, enforce security policies, and detect and mitigate threats. The second vulnerability impacts FortiWeb and is tracked as CVE-2021-42756 and has a CVSS score of 9.3. FortiWeb is a web application firewall (WAF) solution designed to protect web apps and API from cross-site scripting (XSS), SQL injection, bot attacks, DDoS (Distributed Denial of Service), and other online threats.


Servers running the affected versions of these Fortinet products should be updated to a version that is not susceptible to these attacks. Whenever a product releases a security patch, it is important to test and implement the update as soon as possible to prevent attackers from being able to exploit vulnerabilities. A full list of affected product versions can be found in the source article.