PT-2023-24279 · Fortinet · Fortinac

Publicado

2023-05-22

Atualizado

2025-03-14

CVE-2023-33300

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Fortinet FortiNAC versions 7.2.1 and earlier, 9.4.3 and earlier

Description: The issue is related to an improper neutralization of special elements used in a command, also known as 'command injection', which allows an attacker to gain limited, unauthorized file access. This can be achieved by sending a specifically crafted request in inter-server communication port.

Recommendations: For Fortinet FortiNAC versions 7.2.1 and earlier, consider restricting access to the inter-server communication port as a temporary workaround until a patch is available. For Fortinet FortiNAC version 9.4.3 and earlier, restrict access to the inter-server communication port to minimize the risk of exploitation.

Correção

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77

Identificadores relacionados

BDU:2025-02838

CVE-2023-33300

Produtos afetados

Fortinac

PT-2023-24279 · Fortinet · Fortinac

CVE-2023-33300

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9