Remote Code Execution Vulnerability in Fortinet FortiNAC (CVE-2023-33299)
Dark Lab on Jun 29 2023
Share:
On 23 June, the vendor released a security advisory for a critical remote code execution (RCE) discovered in Fortinet’s FortiNAC products (CVE-2023-33299). The vulnerability exists due to a deserialisation of untrusted data flaw that enables an unauthenticated attacker to execute unauthorised code or commands via specially crafted requests to the TCP/1050 service.
Given exploitation can be performed by an unauthenticated attacker to achieve RCE, we hypothesise that malicious actors will quickly seek to weaponise the vulnerability to infiltrate victims and subsequently perform RCE.
Due to its ability to enable unauthenticated threat actors to achieve RCE, we posit that threat actors will quickly weaponise the publicly disclosed PoC to infiltrate vulnerable FortiNAC environments and perform subsequent RCE to achieve their intended goal. We recommend impacted users to apply the latest patch to remediate susceptibility to CVE-2023-33299.
https://www.fortiguard.com/psirt/FG-IR-23-074
Given exploitation can be performed by an unauthenticated attacker to achieve RCE, we hypothesise that malicious actors will quickly seek to weaponise the vulnerability to infiltrate victims and subsequently perform RCE.
Due to its ability to enable unauthenticated threat actors to achieve RCE, we posit that threat actors will quickly weaponise the publicly disclosed PoC to infiltrate vulnerable FortiNAC environments and perform subsequent RCE to achieve their intended goal. We recommend impacted users to apply the latest patch to remediate susceptibility to CVE-2023-33299.
https://www.fortiguard.com/psirt/FG-IR-23-074