Security News > 2023 > June > New Fortinet's FortiNAC Vulnerability Exposes Networks to Code Execution Attacks
Fortinet has rolled out updates to address a critical security vulnerability impacting its FortiNAC network access control solution that could lead to the execution of arbitrary code.
"A deserialization of untrusted data vulnerability [CWE-502] in FortiNAC may allow an unauthenticated user to execute unauthorized code or commands via specifically crafted requests to the tcp/1050 service," Fortinet said in an advisory published last week.
The shortcoming impacts the following products, with patches available in FortiNAC versions 7.2.2, 9.1.10, 9.2.8, and 9.4.3 or later -.
Also resolved by Fortinet is a medium-severity vulnerability tracked as CVE-2023-33300, an improper access control issue affecting FortiNAC 9.4.0 through 9.4.3 and FortiNAC 7.2.0 through 7.2.1.
The alert follows the active exploitation of another critical vulnerability affecting FortiOS and FortiProxy that could allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
It also comes more than four months after Fortinet addressed a severe bug in FortiNAC that could lead to arbitrary code execution.
News URL
https://thehackernews.com/2023/06/new-fortinets-fortinac-vulnerability.html
Related news
- Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools (source)
- Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks (source)
- Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution (source)
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- Over 660,000 Rsync servers exposed to code execution attacks (source)