Fortinet Remote Code Execution Vulnerability (CVE-2023-33299)

A critical Remote Code Execution vulnerability (CVE-2023-33299) was recently discovered in FortiNAC products. It may allow an unauthenticated user to execute unauthorized code or commands via specially crafted requests to the tcp/1050 service.

Fortinet has released patches to remediate the vulnerability and strongly recommends that customers apply the update IMMEDIATELY.

 

Vulnerabilities

  • Remote Code Execution Vulnerability (CVE-2023-33299)

 

Severity Level

  • Critical

 

Affected Systems

  • FortiNAC version 9.4.0 through 9.4.2
  • FortiNAC version 9.2.0 through 9.2.7
  • FortiNAC version 9.1.0 through 9.1.9
  • FortiNAC version 7.2.0 through 7.2.1
  • FortiNAC 8.8 all versions
  • FortiNAC 8.7 all versions
  • FortiNAC 8.6 all versions
  • FortiNAC 8.5 all versions
  • FortiNAC 8.3 all versions

 

Remediation

  • Please apply the latest update patches to your department's devices immediately.
  • Note: FortiNAC 8.x versions will not be fixed. Vulnerable FortiNAC products may disable port 1050 as a temporary workaround.
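
To sort an inventory against the lists above, the following added example (not Fortinet's code and not part of the original advisory) classifies FortiNAC version strings into "patch available", "no fix, use the port 1050 workaround", or "not listed". The hostnames and versions in the sample are constructed, and "not-listed" means only that the version falls outside the ranges this advisory names.

```python
import re

# Ranges copied from the advisory: (major, minor) -> (first, last) patch level.
RANGES = {(9, 4): (0, 2), (9, 2): (0, 7), (9, 1): (0, 9), (7, 2): (0, 1)}
# Branches the advisory lists as "all versions"; it says 8.x will not be fixed.
ALL_VERSIONS = {(8, 8), (8, 7), (8, 6), (8, 5), (8, 3)}

# Accepts "9.4.2", "v9.4.2" or strings with extra trailing numeric fields,
# which are ignored (assumption about how versions appear in an inventory).
VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)*\s*$")


def triage(version):
    """Classify one FortiNAC version string against the advisory's lists."""
    m = VERSION_RE.match(version)
    if not m:
        return "unknown"
    branch = (int(m.group(1)), int(m.group(2)))
    if branch in ALL_VERSIONS:
        return "affected-no-fix"      # workaround: disable port 1050
    if branch in RANGES:
        if m.group(3) is None:
            return "unknown"          # patch level is needed to decide
        first, last = RANGES[branch]
        if first <= int(m.group(3)) <= last:
            return "affected-patch"   # apply the vendor update
    return "not-listed"               # outside what the advisory names


def triage_inventory(inventory):
    """Group hostnames by triage result; inventory is {hostname: version}."""
    report = {}
    for host, version in sorted(inventory.items()):
        report.setdefault(triage(version), []).append(host)
    return report


# Constructed inventory for illustration; hostnames and versions are made up.
SAMPLE = {"nac-hq": "9.4.2", "nac-lab": "8.7.6", "nac-dr": "9.4.3",
          "nac-old": "9.2", "nac-x": "n/a"}

if __name__ == "__main__":
    for status, hosts in triage_inventory(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Devices reported as "unknown" need their exact version confirmed before they can be sorted into one of the other groups.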

 


Published on: 29 Jun 2023