PT-2023-24279 · Fortinet · Fortinac

Published

2023-05-22

Updated

2025-03-14

CVE-2023-33300

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Fortinet FortiNAC versions 7.2.1 and earlier, 9.4.3 and earlier

Description: The issue is related to an improper neutralization of special elements used in a command, also known as 'command injection', which allows an attacker to gain limited, unauthorized file access. This can be achieved by sending a specifically crafted request in inter-server communication port.

Recommendations: For Fortinet FortiNAC versions 7.2.1 and earlier, consider restricting access to the inter-server communication port as a temporary workaround until a patch is available. For Fortinet FortiNAC version 9.4.3 and earlier, restrict access to the inter-server communication port to minimize the risk of exploitation.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

BDU:2025-02838

CVE-2023-33300

Affected Products

Fortinac

PT-2023-24279 · Fortinet · Fortinac

CVE-2023-33300

Weakness Enumeration

Related Identifiers

Affected Products

References · 9