A World of Hurt for Fortinet and Zoho After Users Fail to Install Patches

upnorth

Organizations around the world are once again learning the risks of not installing security updates as multiple threat actors race to exploit two recently patched vulnerabilities that allow them to infect some of the most critical parts of a protected network.

The vulnerabilities both carry severity ratings of 9.8 out of a possible 10 and reside in two unrelated products crucial in securing large networks. The first, tracked as CVE-2022-47966, is a pre-authentication remote code execution vulnerability in 24 separate products from software maker Zoho that use the company’s ManageEngine. It was patched in waves from last October through November. The second vulnerability, CVE-2022-39952, affects a product called FortiNAC, made by cybersecurity company Fortinet, and was patched last week.

Both ManageEngine and FortiNAC are billed as zero-trust products, meaning they operate under the assumption a network has been breached and constantly monitor devices to ensure they’re not infected or acting maliciously. Zero-trust products don’t trust any network devices or nodes on a network and instead actively work to verify they’re safe.