Fortinet addressed a critical RCE vulnerability, tracked as CVE-2023-33299, affecting its FortiNAC solution.
FortiNAC is used by organizations to secure and control access to networks by enforcing security policies, monitoring devices, and managing their access privileges.
The vulnerability can be exploited by an unauthenticated attacker to execute arbitrary code and commands on vulnerable devices. The following versions are affected:
- FortiNAC version 9.4.0 through 9.4.2
- FortiNAC version 9.2.0 through 9.2.7
- FortiNAC version 9.1.0 through 9.1.9
- FortiNAC version 7.2.0 through 7.2.1
- FortiNAC 8.8 all versions
- FortiNAC 8.7 all versions
- FortiNAC 8.6 all versions
- FortiNAC 8.5 all versions
- FortiNAC 8.3 all versions
The company released the following updates to address the issue:
- Please upgrade to FortiNAC version 9.4.3 or above
- Please upgrade to FortiNAC version 9.2.8 or above
- Please upgrade to FortiNAC version 9.1.10 or above
- Please upgrade to FortiNAC version 7.2.2 or above
It is recommended to immediately install the applicable version listed above due to the severity of the issue.