CVE-2023-33299

Name of the Vulnerable Software and Affected Versions Fortinet FortiNAC versions prior to 7.2.1 Fortinet FortiNAC versions prior to 9.4.3 Fortinet FortiNAC versions prior to 9.2.8 Fortinet FortiNAC versions 8.x and earlier

Description The issue is related to a deserialization of untrusted data mechanism in Fortinet FortiNAC, which can be exploited by a remote attacker to execute arbitrary code or commands via a specifically crafted request on the inter-server communication port.

Recommendations For Fortinet FortiNAC versions prior to 7.2.1, update to version 7.2.1 or later. For Fortinet FortiNAC versions prior to 9.4.3, update to version 9.4.3 or later. For Fortinet FortiNAC versions prior to 9.2.8, update to version 9.2.8 or later. For Fortinet FortiNAC versions 8.x and earlier, consider disabling the inter-server communication port as a temporary workaround, as these versions will not be fixed.