Security News > 2023 > June > Fortinet fixes critical FortiNAC remote command execution flaw

Fortinet fixes critical FortiNAC remote command execution flaw
2023-06-23 12:42

Cybersecurity solutions company Fortinet has updated its zero-trust access solution FortiNAC to address a critical-severity vulnerability that attackers could leverage to execute code and commands.

FortiNAC is a allows organizations to manage network-wide access policies, gain visibility of devices and users, and secure the network against unauthorized access and threats.

"A deserialization of untrusted data vulnerability [CWE-502] in FortiNAC may allow an unauthenticated user to execute unauthorized code or commands via specifically crafted requests to the TCP/1050 service" - Fortinet.

Along with the critical RCE, Fortinet also annouced today that it fixed a medium-severity vulnerability tracked as CVE-2023-33300 - an improper access control issue affecting FortiNAC 9.4.0 through 9.4.3 and FortiNAC 7.2.0 through 7.2.1.

"An improper neutralization of special elements used in a command vulnerability [CWE-77] in FortiNAC TCP/5555 service may allow an unauthenticated attacker to copy local files of the device to other local directories of the device via specially crafted input fields" - Fortinet.

A recent example is CVE-2022-39952, a critical RCE impacting FortiNAC that received a fix in mid-February but hackers started using it in attacks a few days later, after proof-of-concept code was published.


News URL

https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-fortinac-remote-command-execution-flaw/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-02-16 CVE-2022-39952 Exposure of Resource to Wrong Sphere vulnerability in Fortinet Fortinac
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.
network
low complexity
fortinet CWE-668
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Fortinet 169 57 403 183 81 724