CVE-2023-33299: Critical Remote Code Execution Vulnerability in FortiNAC

June 23, 2023, 10:07 p.m. | Tenable Security Response Team

Fortinet has released a patch fixing a remote code execution vulnerability in several versions of FortiNAC

Background

On June 23, Fortinet published an advisory (FG-IR-23-074) that addresses a critical remote code execution vulnerability in FortiNAC, its Network Access Control solution:

CVE	Description	CVSSv3	Severity
CVE-2023-33299	Fortinet ForitNAC deserialization of untrusted data vulnerability	9.6	Critical

In addition to CVE-2023-33299, Fortinet published an additional advisory (FG-IR-23-096) for a separate vulnerability in FortiNAC:

CVE	Description …

access access control addresses advisory code code execution control critical cve fortinac fortinet june network network access network access control patch remote code remote code execution severity solution vulnerability

Visit resource

More from www.tenable.com / Cyber Exposure Alerts

CVE-2024-20353, CVE-2024-20359: Frequently Asked Questions About ArcaneDoor 6 days, 17 hours ago | www.tenable.com

adaptive security arcanedoor blog called +15

CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited 1 week, 2 days ago | www.tenable.com

advisory april crushftp customers +23

Oracle April 2024 Critical Patch Update Addresses 239 CVEs 2 weeks, 1 day ago | www.tenable.com

addresses april cpu critical +12

CVE-2024-3400: Zero-Day Vulnerability in Palo Alto Networks PAN-OS GlobalProtect Gateway Exploited in the Wild 2 weeks, 6 days ago | www.tenable.com

alto april attacks command +25

Microsoft’s April 2024 Patch Tuesday Addresses 147 CVEs (CVE-2024-29988) 3 weeks, 1 day ago | www.tenable.com

addresses april critical critical vulnerabilities +13

Frequently Asked Questions About CVE-2024-3094, A Backdoor in XZ Utils 1 month ago | www.tenable.com

CVE-2023-48788: Critical Fortinet FortiClientEMS SQL Injection Vulnerability 1 month, 2 weeks ago | www.tenable.com

address advisory arbitrary code attacker +20

Microsoft’s March 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-21407) 1 month, 2 weeks ago | www.tenable.com

CVE-2024-27198, CVE-2024-27199: Two Authentication Bypass Vulnerabilities in JetBrains TeamCity 1 month, 3 weeks ago | www.tenable.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

Principal Business Value Consultant

@ Palo Alto Networks | Chicago, IL, United States

View on infosec-jobs.com

Cybersecurity Specialist, Sr. (Container Hardening)

@ Rackner | San Antonio, TX

View on infosec-jobs.com

Penetration Testing Engineer- Remote United States

@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700

View on infosec-jobs.com

Internal Audit- Compliance & Legal Audit-Dallas-Associate

@ Goldman Sachs | Dallas, Texas, United States

View on infosec-jobs.com

Threat Responder

@ Deepwatch | Remote

View on infosec-jobs.com

View more jobs

all InfoSec news

CVE-2023-33299: Critical Remote Code Execution Vulnerability in FortiNAC

Background

More from www.tenable.com / Cyber Exposure Alerts

Jobs in InfoSec / Cybersecurity

Social Engineer For Reverse Engineering Exploit Study

Principal Business Value Consultant

Cybersecurity Specialist, Sr. (Container Hardening)

Penetration Testing Engineer- Remote United States

Internal Audit- Compliance & Legal Audit-Dallas-Associate

Threat Responder