CVE-2023-33299
Last modified
CVE-2023-33299 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed.. EPSS estimates a 24.30% chance of exploitation in the next 30 days.
Description
A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortinac | >= 8.5.0, <= 8.5.4 |
| Fortinet | Fortinac | >= 8.6.0, <= 8.6.5 |
| Fortinet | Fortinac | >= 8.7.0, <= 8.7.6 |
| Fortinet | Fortinac | >= 8.8.0, <= 8.8.11 |
| Fortinet | Fortinac | >= 9.1.0, <= 9.1.9 |
| Fortinet | Fortinac | >= 9.2.0, <= 9.2.7 |
| Fortinet | Fortinac | 7.2.0 |
| Fortinet | Fortinac | 7.2.1 |
| Fortinet | Fortinac | 8.3.7 |
| Fortinet | Fortinac | 9.4.0 |
| Fortinet | Fortinac | 9.4.1 |
| Fortinet | Fortinac | 9.4.2 |
References
- https://fortiguard.com/psirt/FG-IR-23-074Vendor Advisory
- https://fortiguard.com/psirt/FG-IR-23-074Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-33299?
How severe is CVE-2023-33299?
How do I fix CVE-2023-33299?
Are you affected by CVE-2023-33299?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST