CVE-2023-33299

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jun 23, 2023

Updated: Nov 7, 2023

CWE ID 502

Summary

CVE-2023-33299 is a deserialization vulnerability affecting Fortinet FortiNAC versions below 7.2.1, 9.4.3, and all earlier versions of 8.x. An attacker can exploit this issue by sending a specially crafted request on the inter-server communication port, allowing them to execute unauthorized code or commands. Notably, FortiNAC versions 8.x will not receive a fix for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Fortinet Fortinac

Affected Vendors

Fortinet

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rtB5Q0
https://www.cve.org/CVERecord?id=CVE-2023-33299
https://nvd.nist.gov/vuln/detail/CVE-2023-33299

Back to Vulnerability Database