Fortinet has released security updates for its FortiNAC and FortiWeb products. The updates address two critical-severity vulnerabilities that may allow unauthenticated attackers to perform arbitrary code or command execution. The first flaw, impacting FortiNAC, is tracked as CVE-2022-39952 and has a CVSS score of 9.8. FortiNAC is a network access control solution that helps organizations gain real-time network visibility, enforce security policies, and detect and mitigate threats. The second vulnerability impacts FortiWeb and is tracked as CVE-2021-42756 and has a CVSS score of 9.3. FortiWeb is a web application firewall (WAF) solution designed to protect web apps and API from cross-site scripting (XSS), SQL injection, bot attacks, DDoS (Distributed Denial of Service), and other online threats.
Analyst Notes
Servers running the affected versions of these Fortinet products should be updated to a version that is not susceptible to these attacks. Whenever a product releases a security patch, it is important to test and implement the update as soon as possible to prevent attackers from being able to exploit vulnerabilities. A full list of affected product versions can be found in the source article.
https://www.infosecurity-magazine.com/news/hackers-fake-emsisoft-certificate/
