Security News > 2023 > June > New Fortinet's FortiNAC Vulnerability Exposes Networks to Code Execution Attacks
Fortinet has rolled out updates to address a critical security vulnerability impacting its FortiNAC network access control solution that could lead to the execution of arbitrary code.
"A deserialization of untrusted data vulnerability [CWE-502] in FortiNAC may allow an unauthenticated user to execute unauthorized code or commands via specifically crafted requests to the tcp/1050 service," Fortinet said in an advisory published last week.
The shortcoming impacts the following products, with patches available in FortiNAC versions 7.2.2, 9.1.10, 9.2.8, and 9.4.3 or later -.
Also resolved by Fortinet is a medium-severity vulnerability tracked as CVE-2023-33300, an improper access control issue affecting FortiNAC 9.4.0 through 9.4.3 and FortiNAC 7.2.0 through 7.2.1.
The alert follows the active exploitation of another critical vulnerability affecting FortiOS and FortiProxy that could allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
It also comes more than four months after Fortinet addressed a severe bug in FortiNAC that could lead to arbitrary code execution.
News URL
https://thehackernews.com/2023/06/new-fortinets-fortinac-vulnerability.html
Related news
- Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software (source)
- Exploit released for Fortinet RCE bug used in attacks, patch now (source)
- Attack Surface Management vs. Vulnerability Management (source)
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)
- New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (source)
- Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (source)
- Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability (source)
- New R Programming Vulnerability Exposes Projects to Supply Chain Attacks (source)