Fortinet fixes critical FortiNAC remote command execution flaw


Fortinet, a provider of cybersecurity solutions, has upgraded FortiNAC, its zero-trust access solution, to solve a serious vulnerability that attackers may use to run commands and code. Florian Hauser of the Code White firm, which offers red team, penetration testing, and threat intelligence services, made CVE-2023-33299 public.

FortiNAC is a tool that enables businesses to control access policies throughout the whole network, monitor people and devices, and protect the network from threats and unauthorised access. Known as CVE-2023-33299, the security flaw has a critical severity rating of 9.6 out of 10. It is a deserialization of untrusted data that could result in unauthenticated remote code execution (RCE).

Read More…