InfoSecBulletin Cybersecurity for mankind
Fortinet has released patches to address a critical vulnerability in its FortiNAC network access control solution. The vulnerability, tracked as CVE-2023-33299, is a deserialization of untrusted data issue that could allow an unauthenticated attacker to execute unauthorized code or commands on affected devices.
The vulnerability impacts FortiNAC versions up to 7.2.1, up to 9.4.2, up to 9.2.7, and up to 9.1.9, as well as all 8.x iterations. Fortinet has addressed the vulnerability with the release of FortiNAC versions 9.4.3, 9.2.8, 9.1.10, and 7.2.2.
NVIDIA Releases Security Update For GPU Driver Vulnerabilities
‘SessionShark’ ToolKit Bypasses Microsoft Office 365 MFA
159 CVEs Exploited in Q1 2025 : 28.3% Within 24 Hours of Disclosure
NVIDIA NeMo Framework Vuln Allow Attackers RCE
Cisco Issued Urgent Security Advisories For Multiple Products
SonicWall patched SSLVPN Vuln Allowing Firewall Crashing
GitLab Releases Security Update For Multiple Vulns
ISPAB president “whatsapp” got hacked via phishing link
Zyxel released patches 2 vulns in its USG FLEX H series firewalls
South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked
ALSO READ:
The vulnerability was discovered by security researcher Florian Hauser of Code White. Hauser notes that there are few organizations exposing TCP port 1050 to the public internet, and that one of the organizations he identified removed the vulnerable services a few days after he reported them to CISA.
In addition to the RCE vulnerability, Hauser also identified and reported CVE-2023-33300, a medium-severity command injection vulnerability. This vulnerability can be exploited by an unauthenticated attacker to copy local files from the device to other local directories. However, access to the copied data is only possible if the attacker has an existing foothold and enough privileges on the device.
This vulnerability was also resolved with the release of FortiNAC versions 9.4.4 and 7.2.2.
Fortinet has not yet seen any evidence of these vulnerabilities being exploited in attacks. However, it is not uncommon for threat actors to target security defects in Fortinet products for which patches have been released.
Organizations that are using affected versions of FortiNAC should update to the latest versions as soon as possible to mitigate the risk of exploitation.
