The other day, Fortinet announced patches for 40 flaws, including two rated critical and 15 rated high severity.

Top of the list is a severe bug residing in the FortiNAC network access control solution (CVE-2022-39952, CVSS score: 9.8) that could lead to arbitrary code execution.

In most posts I write, I do very little selling. It’s unnecessary. I’m just sharing ideas, maybe educating. Today, I’m going to tell you how BackBox would help you fix this in the fastest way possible, and why we’re the best automation partner for keeping your network secure.

Undoubtably, these sorts of CVEs are critical to pay attention to, and to get fixed. Across all vendors. This isn’t a Fortinet issue by any means.

Yet updates such as these are complicated. They’re time consuming. And, frankly, they take too long to complete from the time the CVE is released to the time critical bugs are patched in customer networks.

As a result, old vulnerabilities continue to be exploited in attacks.

The Solution

I woke up to a message from support.

We’ve written an automation for CVE-2022-39952, the critical one mentioned above.

Any BackBox customer using FortiNAC (the device affected by this vulnerability) can reach out to BackBox support to receive the automation.

Here’s what it looks like when this automation is run on two devices, one that’s affected:

This automation alerts administrators if upgrades are needed. We already have update automations that can be used to update FortiNAC to the latest version quickly and easily.

About BackBox

With homegrown scripts, administrators need to write code to crawl their network and check device versions. Even if they have some sort of code template to crawl the network, they have to write more to get the exact versions that are affected by these CVEs, make sure there are no bugs, etc.

BackBox does that for our customers (and in fact, you can download a free trial and get a report on your vulnerabilities, and even patch them, with BackBox even if you’re not a customer).

There are automation solutions that evolved out of management products that aren’t sophisticated enough to do this. The sophisticated (read complex) automation solutions require you to write scripts to accomplish what you need. Vendor solutions aren’t efficient, and sometimes don’t even support old versions of products, while homegrown scripting is hard to manage.

BackBox stands in contrast to all those limitations and complexity.

BackBox Support writes the automations for you, so there’s no scripting on your end. You can of course modify them, add new ones, or ask us for help to customize them to your specific needs.

The BackBox Network Automation Platform can query the network and create a report on where you’re vulnerable. It can even handle complex upgrade automations to minimize downtime. All of the activity is audited and protected from configuration drift. Like magic (but it’s not).

Ready-to-use automations delivered by BackBox enable administrators to do more than ever before.

You should try it. It’s compelling to fix these critical vulnerabilities quickly and easily. Download a free evaluation, reach out to the engineer that emails you once you download to get the automations for these vulnerabilities, and within an hour or so, you’ll know where you’re exposed and even have a plan to get updated.

Cool, right?


See for yourself how consistent and reliable your device backups and upgrades can be