CVE-2023-33299 is a critical Remote Code Execution vulnerability stemming from deserialization of untrusted data in Fortinet’s FortiNAC. This vulnerability provides potential for remote, unauthenticated attackers to execute arbitrary code on the target device via a specially crafted request.
To shed some light on CVE-2023-33299, we’ll delve into what it is, whether it could affect you, and how to fix it.
What is CVE-2023-33299?
CVE-2023-33299, defined in the Common Vulnerabilities and Exposures system, refers to a specific vulnerability found in FortiNAC, a network access control product. This vulnerability is classified as a deserialization of untrusted data issue, which means that it involves the process of turning serialized data back into its original state. In the case of CVE-2023-33299, the vulnerable system does not properly validate or sanitize serialized data received from an external source.
The danger of this vulnerability lies in its potential for exploitation by remote, unauthenticated attackers. These attackers could exploit the vulnerability by sending a specially crafted request to the FortiNAC service running on TCP port 1050. Successful exploitation of this vulnerability would grant the attacker the ability to execute arbitrary code on the target device, effectively granting them control over the system.
Does CVE-2023-33299 affect me?
The impact of CVE-2023-33299 is specific to certain versions of FortiNAC, a network access control product. If you or your organization use FortiNAC and the version is below 7.2.1, below 9.4.3, below 9.2.8, or any version of the 8.x line, your systems are potentially vulnerable to this issue. It should be noted that versions 8.x of FortiNAC will not receive a patch for this vulnerability. Therefore, if your systems are running any of these affected versions, it’s important to take appropriate cyber security measures to manage this risk.
FortiNAC version 9.4.0 through 9.4.2
FortiNAC version 9.2.0 through 9.2.7
FortiNAC version 9.1.0 through 9.1.9
FortiNAC version 7.2.0 through 7.2.1
FortiNAC 8.8 all versions
FortiNAC 8.7 all versions
FortiNAC 8.6 all versions
FortiNAC 8.5 all versions
FortiNAC 8.3 all versions
Has CVE-2023-33299 been actively exploited in the wild?
While the vulnerability poses a significant threat, there have, at the time of writing, not been any publicly disclosed instances of CVE-2023-33299 being exploited in the wild.
How to fix CVE-2023-33299
Fortinet has already released updates to address CVE-2023-33299. If you’re using an affected version of FortiNAC, it’s recommended to upgrade to:
FortiNAC 9.4.3 or above
FortiNAC 9.2.8 or above
FortiNAC 9.1.10 or above
FortiNAC 7.2.2 or above
There is no mitigation advice provided by the vendor aside from applying these security updates. It is always prudent to keep systems updated to the latest version, as this helps protect against known vulnerabilities.
Each new vulnerability is a reminder of where we stand, and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors:
- CVSS v4.0 – what you need to know
- Can you trust ChatGPT’s package recommendations?
- MITRE ATTACK framework – Mapping techniques to CVEs
- Exploit maturity: an introduction
- OWASP Top 10 vulnerabilities 2022: what we learned
Don’t get found out by new vulnerabilities. Vulcan Cyber gives you full visibility and oversight of your threat environment and lets you prioritize, remediate and communicate your cyber risk across your entire organization. Get a demo today.