Fortinet Fixes Critical RCE Flaw In FortiNAC Zero Trust Product

Cybersecurity firm Fortinet issued an advisory Friday for a critical vulnerability in its FortiNAC zero-trust product that could allow remote code execution by an unauthenticated user.

According to the advisory, a deserialization of untrusted data vulnerability could allow an attacker “to execute unauthorized code or commands via specially crafted requests to the tcp/1050 service.” The vulnerability, CVE-2023-33299, has a CVSSvs rating of 9.6

The company’s website describes FortiNAC as a “zero-trust access solution that oversees and protects all digital assets connected to the enterprise network, covering devices ranging from IT, IoT, OT/ICS, to IoMT.” 

According to a tweet by Cyberthint, a unified cyber threat intelligence platform, its analysts discovered through Shodan that more than 10,400 internet exposed systems could potentially be affected by the vulnerability.

The flaw affects several versions of FortiNAC, and upgrading versions 9.4.3 or above; 9.2.8 or above; 9.1.10 or above; and 7.2.2 or above will address the vulnerability. However, it was noted on Mitre’s description of the CVE that versions 8.x will not be fixed.

Security professionals advised FortiNAC users to update immediately, with Viakoo Labs’ John Gallagher saying the flaw was “as serious as it gets.”

Gallagher, his firm’s vice president, said a remote code execution vulnerability on a network access control product seemed like a candidate for a higher CVE score than 9.6 — “more likely a 9.9 or higher given the position of control this gives a threat actor.”

Gallagher and John Bambenek, Netenrich’s principal threat hunter, both lamented that version 8.x would get a fix, while Gallagher added that organizations should be on the lookout for a larger exploit.

“Having RCE access to a network access control system could be part of a multi-stage attack,” Gallagher said.

This is only the latest critical vulnerability for a Fortinet product this year. Earlier this month, the firm patched an RCE in its Fortigate SSL-VPN appliances, and it patched two critical bugs in February — one for FortiWeb products and the other also in FortiNAC — that could also lead to remote code execution.

Fortinet has had a rash of vulnerabilities and these are the latest that require immediate attention, said Timothy Morris, chief security advisor at Tanium.

READ MORE HERE