October 3, 2023

Fortinet addressed a critical RCE vulnerability, tracked as CVE-2023-33299, affecting its FortiNAC solution.

The FortiNAC solution is used by organizations to secure and control access to networks by enforcing security policies, monitoring devices, and managing their access privileges.

The vulnerability can be exploited by an unauthenticated attacker to execute arbitrary code and commands on vulnerable devices.


Impacted products:

  • FortiNAC version 9.4.0 through 9.4.2
  • FortiNAC version 9.2.0 through 9.2.7
  • FortiNAC version 9.1.0 through 9.1.9
  • FortiNAC version 7.2.0 through 7.2.1
  • FortiNAC 8.8 all versions
  • FortiNAC 8.7 all versions
  • FortiNAC 8.6 all versions
  • FortiNAC 8.5 all versions
  • FortiNAC 8.3 all versions

The company released the following updates to address the issue:

  • Please upgrade to FortiNAC version 9.4.3 or above
  • Please upgrade to FortiNAC version 9.2.8 or above
  • Please upgrade to FortiNAC version 9.1.10 or above
  • Please upgrade to FortiNAC version 7.2.2 or above

It is recommended to install the applicable fixed version listed above immediately, due to the severity of the issue.
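The version lists above can be turned into a quick inventory check. The following Python sketch is an added example, not Fortinet code: the function names, status labels, hostnames and sample versions are assumptions made for illustration, and only the version ranges and fixed releases come from the lists above.

```python
# Branch -> (first affected patch, last affected patch, fixed release), from the advisory above.
RANGES = {
    (9, 4): (0, 2, "9.4.3"),
    (9, 2): (0, 7, "9.2.8"),
    (9, 1): (0, 9, "9.1.10"),
    (7, 2): (0, 1, "7.2.2"),
}
# Branches the advisory lists as affected in all versions, with no fixed release given.
ALL_VERSIONS = {(8, 8), (8, 7), (8, 6), (8, 5), (8, 3)}


def classify(version_text):
    """Return (status, note) for one FortiNAC version string."""
    try:
        # Compare numerically: as strings, "9.1.10" would sort below "9.1.9".
        nums = [int(p) for p in version_text.strip().lstrip("vV").split(".")]
    except ValueError:
        return ("unknown", "unparseable version string")
    if len(nums) < 2:
        return ("unknown", "need at least major.minor")
    branch = (nums[0], nums[1])
    if branch in ALL_VERSIONS:
        return ("affected", "all versions affected; no in-branch fix listed")
    if branch not in RANGES:
        return ("not_listed", "branch not mentioned in the advisory")
    if len(nums) < 3:
        return ("unknown", "patch level needed for this branch")
    first, last, fixed = RANGES[branch]
    if first <= nums[2] <= last:
        return ("affected", f"upgrade to {fixed} or above")
    return ("fixed", f"at or above {fixed}")


def triage(inventory):
    """Map host -> note for every host that is affected or needs manual review."""
    return {host: note for host, ver in inventory.items()
            for status, note in [classify(ver)] if status in ("affected", "unknown")}


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = {
    "nac-hq": "9.4.2",
    "nac-lab": "9.1.10",
    "nac-branch": "8.8.11",
    "nac-dr": "v7.2.2",
    "nac-old": "unknown",
}

if __name__ == "__main__":
    for host, note in triage(SAMPLE).items():
        print(f"{host}: {note}")
```

Branches that the advisory does not mention are reported as `not_listed` rather than as safe, so they still need to be checked against Fortinet's own advisory.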
