



Researchers have disclosed details of how to exploit a critical remote code execution (RCE) bug in Fortinet’s FortiNAC product. This allows an unauthenticated attacker to write arbitrary files on the system and accomplish her RCE as the root user.

Organizations use FortiNAC as their network access control solution to monitor and protect all digital assets connected to corporate networks. The product can be used to manage a wide variety of devices including enterprise endpoints, Internet of Things (IoT), operational technology and industrial control systems (OT/ICS), and connected medical devices (IoMT). Intended to provide visibility, control, and automated response to anything that connects to your network, this device allows attackers to pivot and move deep into your network to enumerate your environment. and provide a golden opportunity to steal confidential information.

Researchers at Horizon3.ai published a blog post containing a technical analysis and proof-of-concept (POC) exploit for the vulnerability, tracked as CVE-2022-39952, disclosed and patched by Fortinet last week. Released. The attacker then released the exploit code on his GitHub.

Fortinet’s Gwendal Gugniaud discovered this vulnerability and gave it a critical rating of 9.8 on the CVSS Vulnerability Severity Scale. The bug gives an attacker external control over a filename or path vulnerability on her FortiNAC web server, which Fortinet said in an advisory could allow arbitrary, unauthenticated writes to the system. I’m here.

Fortinet has patched the affected product versions and urges customers to update to FortiNAC version 9.4.1 or newer, FortiNAC version 9.2.6 or newer, FortiNAC version 9.1.8, or FortiNAC version 7.2.0 or newer. I’m here.

How to exploit the Fortinet FortiNAC vulnerability

While there are several ways an attacker could exploit the arbitrary file write flaw to obtain an RCE, the researchers used a so-called “cron job into /etc/cron.d/” to exploit the vulnerability. He said he created something.

Researchers extracted filesystems from both vulnerable and patched versions of the product to examine the flaws, and found that Fortinet found /bsc/campusMgr/ui/ROOT in an update that patched the bug. I discovered that I deleted the problematic file /configWizard/keyUpload.jsp. The file was found to allow an unauthenticated endpoint to parse requests that provided a file with a key parameter and write it to /bsc/campusMgr/config.applianceKey, the researchers said. I’m here.

To exploit this flaw, researchers successfully wrote a file and made a call to execute a bash script. This allows you to unzip the file that was just written. Zach Hanley, Chief Attack Engineer at Horizon3.ai, wrote in a blog post, “The unzip process allows files to be placed in any path as long as it doesn’t pass above the current working directory.” . “Calling unzip within a bash script can write arbitrary files because the working directory is /.”

“Immediately, I could see this call to an attacker-controlled file and see several recent vulnerabilities exploiting archive decompression,” he added.

Researchers used the aforementioned cron job that involved weaponizing the flaw with the code /etc/cron.d/payload. The job will trigger every minute and start a reverse shell for the attacker. To do this, the researchers created a zip archive containing the files, specified a path to extract from, and sent the malicious zip file to the vulnerable endpoint’s key field, the researchers said. I’m here.

“Within a minute, you’ll have a reverse shell as the root user,” wrote Hanley, who will be able to run remote code.

Attacker interest history

Historically, attackers have tended to attack Fortinet before the company knew the flaw existed. Organizations running affected versions of his FortiNAC are wise to update to the patched product as soon as possible, as it provides an excellent opportunity to gain a foothold in corporate networks. To date, neither Fortinet nor Horizon3.ai are aware of any instances of attackers exploiting this vulnerability, but a proof-of-concept for the latter has been made public, providing step-by-step details on how to exploit it. This is likely because change.

In January, researchers linked a sophisticated new backdoor called BoldMove to a zero-day vulnerability that Fortinet discovered in multiple versions of its FortiOS and FortiProxy technologies in December. This flaw allowed an unauthenticated attacker to execute arbitrary code on the affected system. In the zero-day attack, a China-based attacker engaged in cyber espionage created malware to run on Fortinet’s FortiGate firewall even before the vulnerability was made public and patched. It seems that

In October, a critical authentication bypass vulnerability in multiple versions of Fortinet’s FortiOS, FortiProxy, and FortiSwitchManager technologies also drew significant attention from attackers, especially after the exploit code for the vulnerability was made public. showed.

Sources 1/ https://Google.com/ 2/ https://www.darkreading.com/endpoint/exploit-code-released-critical-fortinet-rce-bug The mention sources can contact us to remove/changing this article

What Are The Main Benefits Of Comparing Car Insurance Quotes Online

LOS ANGELES, CA / ACCESSWIRE / June 24, 2020, / Compare-autoinsurance.Org has launched a new blog post that presents the main benefits of comparing multiple car insurance quotes. For more info and free online quotes, please visit https://compare-autoinsurance.Org/the-advantages-of-comparing-prices-with-car-insurance-quotes-online/ The modern society has numerous technological advantages. One important advantage is the speed at which information is sent and received. With the help of the internet, the shopping habits of many persons have drastically changed. The car insurance industry hasn't remained untouched by these changes. On the internet, drivers can compare insurance prices and find out which sellers have the best offers. View photos The advantages of comparing online car insurance quotes are the following: Online quotes can be obtained from anywhere and at any time. Unlike physical insurance agencies, websites don't have a specific schedule and they are available at any time. Drivers that have busy working schedules, can compare quotes from anywhere and at any time, even at midnight. Multiple choices. Almost all insurance providers, no matter if they are well-known brands or just local insurers, have an online presence. Online quotes will allow policyholders the chance to discover multiple insurance companies and check their prices. Drivers are no longer required to get quotes from just a few known insurance companies. Also, local and regional insurers can provide lower insurance rates for the same services. Accurate insurance estimates. Online quotes can only be accurate if the customers provide accurate and real info about their car models and driving history. Lying about past driving incidents can make the price estimates to be lower, but when dealing with an insurance company lying to them is useless. Usually, insurance companies will do research about a potential customer before granting him coverage. Online quotes can be sorted easily. Although drivers are recommended to not choose a policy just based on its price, drivers can easily sort quotes by insurance price. Using brokerage websites will allow drivers to get quotes from multiple insurers, thus making the comparison faster and easier. For additional info, money-saving tips, and free car insurance quotes, visit https://compare-autoinsurance.Org/ Compare-autoinsurance.Org is an online provider of life, home, health, and auto insurance quotes. This website is unique because it does not simply stick to one kind of insurance provider, but brings the clients the best deals from many different online insurance carriers. In this way, clients have access to offers from multiple carriers all in one place: this website. On this site, customers have access to quotes for insurance plans from various agencies, such as local or nationwide agencies, brand names insurance companies, etc. "Online quotes can easily help drivers obtain better car insurance deals. All they have to do is to complete an online form with accurate and real info, then compare prices", said Russell Rabichev, Marketing Director of Internet Marketing Company. CONTACT: Company Name: Internet Marketing CompanyPerson for contact Name: Gurgu CPhone Number: (818) 359-3898Email: [email protected]: https://compare-autoinsurance.Org/ SOURCE: Compare-autoinsurance.Org View source version on accesswire.Com:https://www.Accesswire.Com/595055/What-Are-The-Main-Benefits-Of-Comparing-Car-Insurance-Quotes-Online View photos