Fortinet has released patches to address a critical vulnerability in its FortiNAC network access control solution. The vulnerability, tracked as CVE-2023-33299, is a deserialization of untrusted data issue that could allow an unauthenticated attacker to execute unauthorized code or commands on affected devices.
The vulnerability impacts FortiNAC versions up to 7.2.1, up to 9.4.2, up to 9.2.7, and up to 9.1.9, as well as all 8.x iterations. Fortinet has addressed the vulnerability with the release of FortiNAC versions 9.4.3, 9.2.8, 9.1.10, and 7.2.2.
By infosecbulletin
/ Saturday , April 26 2025
NVIDIA has released a software security update for its GPU Display Driver to fix multiple vulnerabilities affecting both the driver...
Read More
By infosecbulletin
/ Saturday , April 26 2025
The SessionShark phishing kit bypasses Office 365 MFA by stealing session tokens. Experts warn about real-time attacks using fake login...
Read More
By infosecbulletin
/ Friday , April 25 2025
In Q1 2025, VulnCheck identified evidence of 159 CVEs publicly disclosed for the first time as exploited in the wild....
Read More
By infosecbulletin
/ Friday , April 25 2025
The NVIDIA NeMo Framework has three vulnerabilities that could enable attackers to execute remote code, risking AI system compromise and...
Read More
By infosecbulletin
/ Thursday , April 24 2025
Cisco issued a security advisory about a remote code execution (RCE) vulnerability (CVE-2025-32433) affecting multiple products in its portfolio due...
Read More
By infosecbulletin
/ Thursday , April 24 2025
SonicWall has revealed a vulnerability in its SonicOS SSLVPN Virtual Office interface that could let remote attackers crash firewall appliances....
Read More
By infosecbulletin
/ Thursday , April 24 2025
GitLab has announced a security advisory urging users to upgrade their self-managed installations right away. Versions 17.11.1, 17.10.5, and 17.9.7...
Read More
By infosecbulletin
/ Wednesday , April 23 2025
Imdadul Haque, the president of Internet Service Provider of Bangladesh (ISPAB) said, I automatically got back my WhatsApp account. What...
Read More
By infosecbulletin
/ Wednesday , April 23 2025
Zyxel Networks has issued critical security patches for two high-severity vulnerabilities in its USG FLEX H series firewalls. These flaws...
Read More
By infosecbulletin
/ Wednesday , April 23 2025
South Korea's largest mobile operator, SK Telecom, is warning that a malware infection allowed threat actors to access sensitive USIM-related...
Read More
ALSO READ:
Google chrome patched 4 high vulnerabilities
The vulnerability was discovered by security researcher Florian Hauser of Code White. Hauser notes that there are few organizations exposing TCP port 1050 to the public internet, and that one of the organizations he identified removed the vulnerable services a few days after he reported them to CISA.
In addition to the RCE vulnerability, Hauser also identified and reported CVE-2023-33300, a medium-severity command injection vulnerability. This vulnerability can be exploited by an unauthenticated attacker to copy local files from the device to other local directories. However, access to the copied data is only possible if the attacker has an existing foothold and enough privileges on the device.
This vulnerability was also resolved with the release of FortiNAC versions 9.4.4 and 7.2.2.
Fortinet has not yet seen any evidence of these vulnerabilities being exploited in attacks. However, it is not uncommon for threat actors to target security defects in Fortinet products for which patches have been released.
Organizations that are using affected versions of FortiNAC should update to the latest versions as soon as possible to mitigate the risk of exploitation.