Fortinet’s FortiNAC Vulnerability Could Lead to Arbitrary Code Execution Attacks

June 27, 2023

Fortinet has issued updates to rectify a significant security vulnerability in its FortiNAC network access control solution, which could result in the execution of arbitrary code. This flaw, identified as CVE-2023-33299, has been given a severity rating of 9.6 out of 10 according to the CVSS scoring system. It is characterized as a Java untrusted object deserialization issue. "A deserialization of untrusted data vulnerability [CWE-502] in FortiNAC may allow an unauthenticated user to execute unauthorized code or commands via specifically crafted requests to the tcp/1050 service," as stated by Fortinet in an advisory published recently.

The vulnerability affects the following products, with patches available in FortiNAC versions 7.2.2, 9.1.10, 9.2.8, and 9.4.3 or later. Fortinet has also addressed a medium-severity vulnerability, identified as CVE-2023-33300 (CVSS score: 4.8), an issue of improper access control affecting FortiNAC 9.4.0 through 9.4.3 and FortiNAC 7.2.0 through 7.2.1. It has been rectified in FortiNAC versions 7.2.2 and 9.4.4. Florian Hauser of the German cybersecurity firm CODE WHITE is credited with discovering and reporting these two bugs.

This alert comes after the active exploitation of another critical vulnerability affecting FortiOS and FortiProxy (CVE-2023-27997, CVSS score: 9.2) that could enable a remote attacker to execute arbitrary code or commands via specifically crafted requests. Earlier this month, Fortinet acknowledged that this issue may have been used in limited attacks targeting government, manufacturing, and critical infrastructure sectors, leading the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to the Known Exploited Vulnerabilities (KEV) catalog.

This news follows more than four months after Fortinet addressed a severe bug in FortiNAC (CVE-2022-39952, CVSS score: 9.8) that could lead to arbitrary code execution. This flaw was actively exploited shortly after a proof-of-concept (PoC) was made available.

In related news, Grafana has issued patches for a critical security vulnerability (CVE-2023-3128) that could allow malicious attackers to bypass authentication and take over any account that uses Azure Active Directory for authentication. Grafana stated, "If exploited, the attacker can gain complete control of a user's account, including access to private customer data and sensitive information."

Related News

• Critical Authentication Bypass in Grafana Due to Azure AD Integration
• Critical FortiNAC RCE Vulnerability Fixed by Fortinet: Install Updates Immediately
• Fortinet Warns of Potential Exploitation of New FortiOS RCE Vulnerability
• Fortinet Addresses Critical RCE Vulnerability in Fortigate SSL-VPN Devices
• Fortinet Clarifies Reports of CVE-2022-39952 Exploitation

Latest News

• Critical Vulnerability in miniOrange Social Login WordPress Plugin Exposes User Accounts
• High-Severity Security Flaw in Arcserve UDP Backup Software Addressed
• Massive Data Breach at NYC Department of Education: 45,000 Students' Data Stolen
• China-Linked APT Group VANGUARD PANDA Employs New Techniques in Recent Cyber Attacks
• Russian Hackers Conducting Widescale Credential-Stealing Attacks, Warns Microsoft