Critical Vulnerability in Fortinet's FortiNAC Products
26 June 2023
Fortinet has released security updates to address a critical vulnerability (CVE-2023-33299) in its FortiNAC products. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.6 out of 10.
The vulnerability is a deserialisation of untrusted data flaw. Successful exploitation could allow an unauthenticated attacker to execute unauthorised code or commands via specifically crafted requests to the tcp/1050 service.
The vulnerability affects the following product versions:
• FortiNAC version 9.4.0 through 9.4.2
• FortiNAC version 9.2.0 through 9.2.7
• FortiNAC version 9.1.0 through 9.1.9
• FortiNAC version 7.2.0 through 7.2.1
• FortiNAC 8.8 all versions
• FortiNAC 8.7 all versions
• FortiNAC 8.6 all versions
• FortiNAC 8.5 all versions
• FortiNAC 8.3 all versions
Users and administrators of the affected product versions are advised to update to the latest versions immediately.
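To triage an appliance inventory against the affected versions listed above, the following added example (not code from Fortinet or from this advisory) classifies version strings. The version-string format, hostnames and sample values are constructed assumptions, and `not_listed` means only that a version does not appear in this advisory's list.

```python
import re

# Affected ranges as listed in this advisory, inclusive (low, high).
AFFECTED_RANGES = [
    ((9, 4, 0), (9, 4, 2)),
    ((9, 2, 0), (9, 2, 7)),
    ((9, 1, 0), (9, 1, 9)),
    ((7, 2, 0), (7, 2, 1)),
]
# Branches the advisory lists as affected in "all versions".
AFFECTED_BRANCHES = {(8, 8), (8, 7), (8, 6), (8, 5), (8, 3)}

# Assumption: the version appears as major.minor[.patch], possibly followed
# by a build suffix (e.g. "9.4.2.0726") or preceded by a product name.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def classify(version_string):
    """Return 'affected', 'needs_patch_level', 'not_listed' or 'unparseable'."""
    m = _VERSION_RE.search(version_string or "")
    if not m:
        return "unparseable"
    branch = (int(m.group(1)), int(m.group(2)))
    if branch in AFFECTED_BRANCHES:
        return "affected"
    if m.group(3) is None:
        # Without a patch level a partially affected branch cannot be decided.
        partial = any(low[:2] == branch for low, _ in AFFECTED_RANGES)
        return "needs_patch_level" if partial else "not_listed"
    version = branch + (int(m.group(3)),)
    if any(low <= version <= high for low, high in AFFECTED_RANGES):
        return "affected"
    return "not_listed"


def triage(inventory):
    """Map each host in {host: version_string} to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and strings are illustrative.
    sample = {
        "nac-hq": "FortiNAC 9.4.2.0726",
        "nac-branch": "9.4.3",
        "nac-lab": "8.7.6",
        "nac-dr": "9.2",
    }
    for host, status in sorted(triage(sample).items()):
        print(f"{host}: {status}")
```

Hosts reported as `needs_patch_level` or `unparseable` should be checked manually rather than assumed safe.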
More information is available here:
https://www.fortiguard.com/psirt/FG-IR-23-074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33299