"Fortinet Patches Critical RCE Vulnerability in FortiNAC"

Fortinet has recently released patches to address a critical vulnerability in its FortiNAC network access control solution.  The zero-trust access solution allows organizations to view devices and users on the network and provides granular control over network access policies.  One of the vulnerabilities patched is tracked as CVE-2023-33299 (CVSS score of 9.6) and is described as an issue related to the deserialization of untrusted data that can lead to remote code execution (RCE).  Fortinet noted that an unauthenticated attacker could exploit this vulnerability "to execute unauthorized code or commands via specifically crafted requests to the TCP/1050 service."  The vulnerability impacts FortiNAC versions up to 7.2.1, up to 9.4.2, up to 9.2.7, and up to 9.1.9, as well as all 8.x iterations.  Fortinet has addressed the security defect with the release of FortiNAC versions 9.4.3, 9.2.8, 9.1.10, and 7.2.2, but will not release patches for FortiNAC 8.x.  Another vulnerability patched was CVE-2023-33300, a medium-severity command injection via FortiNAC's TCP/5555 service.  This vulnerability is described as an improper neutralization of special elements that can be exploited by "an unauthenticated attacker to copy local files of the device to other local directories of the device via specially crafted input fields." According to Fortinet, access to the copied data is only possible if the attacker has an existing foothold and enough privileges on the device.  The vulnerability was resolved with the release of FortiNAC versions 9.4.4 and 7.2.2.  Fortinet makes no mention of any of these vulnerabilities being exploited in attacks.

SecurityWeek reports: "Fortinet Patches Critical RCE Vulnerability in FortiNAC"