Deserialization Vulnerability in Fortinet FortiNAC Products
CVE-2023-33299
9.6CRITICAL
Summary
A deserialization vulnerability exists in Fortinet's FortiNAC product that allows an attacker to execute unauthorized code or commands. This flaw affects FortiNAC versions below 7.2.1, 9.4.3, 9.2.8, and all earlier versions of the 8.x series. Specifically crafted requests sent over inter-server communication ports can exploit this vulnerability, posing a significant threat to system security. Notably, FortiNAC version 8.x will not receive a fix for this issue.
Affected Version(s)
FortiNAC 9.4.0 <= 9.4.2
FortiNAC 9.2.0 <= 9.2.7
FortiNAC 9.1.0 <= 9.1.9
References
CVSS V3.1
Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved