Proof-of-concept exploit code is now available for a critical vulnerability in Fortinet FortiNAC appliances and attackers have already started using it in the wild. Users are advised to patch their systems as soon as possible.
FortiNAC is a zero-trust network access solution that can be deployed both as a hardware device or as a virtual machine appliance. It is used for network segmentation, visibility, and control of devices and users connected to the network. As such, it can be deployed at the network perimeter, making it an easier target for internet-based attacks. According to Shodan scans, more than 700,000 Fortinet devices are connected to the internet around the world.