CVE-2023-33299: Critical Remote Code Execution Vulnerability in FortiNAC

CVE-2023-33299

As cybersecurity escalates to become a paramount issue worldwide, we now face another challenge – CVE-2023-33299, a critical vulnerability in FortiNAC with a high Common Vulnerability Scoring System (CVSS) score of 9.6. Our network’s security infrastructure is under constant threats, and staying ahead of potential breaches becomes ever more critical.

As our digital world grows, so too does the complexity of our networks. FortiNAC, a pioneering zero-trust access solution, operates as the network’s primary gatekeeper. With the colossal responsibility of overseeing and protecting all digital assets within the enterprise network – spanning IT, IoT, OT/ICS, to IoMT devices – FortiNAC provides an unparalleled combination of visibility, control, and automated response to all network connections.

And yet, a looming threat lies beneath the system’s layers. This threat, known as CVE-2023-33299, was discovered by the esteemed security researcher Florian Hauser of CODE WHITE, sending a clear signal that even our most trusted networks are not beyond the reach of sophisticated security threats.

CVE-2023-33299 is a deserialization of untrusted data vulnerability, classified under CWE-502. In simpler terms, it’s a loophole that might permit an unauthenticated user to run unauthorized code or commands through specifically designed requests to the tcp/1050 service.

This significant security flaw poses a substantial risk, as it opens the door for malevolent hackers to execute commands remotely, potentially manipulating or extracting sensitive information from affected systems. Several versions of FortiNAC, including those from 7.2.0 to 9.4.2, have been flagged as susceptible to this remote code execution vulnerability.

In response to this critical security threat, Fortinet acted swiftly, demonstrating the strength of its commitment to network safety and integrity. On Friday, Fortinet released crucial updates for FortiNAC versions 7.2.2, 9.1.10, 9.2.8, and 9.4.3, effectively addressing the vulnerability.

Affected users are urged to update their systems to the latest secure versions immediately to negate the potential risks associated with CVE-2023-33299. Even if your network hasn’t shown any signs of intrusion, it is recommended to take preemptive actions and fortify your systems against potential threats.