New Fortinet’s FortiNAC Vulnerability Exposes Networks to Code Execution Attacks

27-06-2023
Share
New Fortinet’s FortiNAC Vulnerability Exposes Networks to Code Execution Attacks

Fortinet has rolled out updates to address a critical security vulnerability impacting its FortiNAC network access control solution that could lead to the execution of arbitrary code.

Tracked as CVE-2023-33299, the flaw is rated 9.6 out of 10 for severity on the CVSS scoring system. It has been described as a case of Java untrusted object deserialization.

“A deserialization of untrusted data vulnerability [CWE-502] in FortiNAC may allow an unauthenticated user to execute unauthorized code or commands via specifically crafted requests to the tcp/1050 service,” Fortinet said in an advisory published last week.

The shortcoming impacts the following products, with patches available in FortiNAC versions 7.2.2, 9.1.10, 9.2.8, and 9.4.3 or later –

  • FortiNAC version 9.4.0 through 9.4.2
  • FortiNAC version 9.2.0 through 9.2.7
  • FortiNAC version 9.1.0 through 9.1.9
  • FortiNAC version 7.2.0 through 7.2.1
  • FortiNAC 8.8 all versions
  • FortiNAC 8.7 all versions
  • FortiNAC 8.6 all versions
  • FortiNAC 8.5 all versions, and
  • FortiNAC 8.3 all versions

The alert follows the active exploitation of another critical vulnerability affecting FortiOS and FortiProxy (CVE-2023-27997, CVSS score: 9.2) that could allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

It also comes more than four months after Fortinet addressed a severe bug in FortiNAC (CVE-2022-39952, CVSS score: 9.8) that could lead to arbitrary code execution. The flaw has since come under active exploitation shortly after a proof-of-concept (PoC) was made available.

In a related development, Grafana has released patches for a critical security vulnerability (CVE-2023-3128) that could permit malicious attackers to bypass authentication and take over any account that uses Azure Active Directory for authentication.

“If exploited, the attacker can gain complete control of a user’s account, including access to private customer data and sensitive information,” Grafana said.

“If exploited, the attacker can gain complete control of a user’s account, including access to private customer data and sensitive information.”

 

 

Source: https://thehackernews.com/