In today’s SensCy Cyber Alert, your SensCy team recommends FortiGate Firewall users install the new security update immediately.
The vulnerability, tracked as CVE2023-33299, is described as an issue related to deserialization of untrusted data that could lead to remote code execution.
Fortinet released a advisory explaining the vulnerability “this vulnerability “to execute unauthorized code or commands via specifically crafted requests to the TCP/1050 service.”
The impacted FortiNAC versions: up to 7.2.1, up to 9.4.2, up to 9.2.7, and up to 9.1.9, as well as all 8.x iterations.
Fortinet released a patch for FortiNAC versions 9.4.3, 9.2.8, 9.1.10, and 7.2.2, but will not release patches for FortiNAC 8.x.
Fortinet and FortiGate vulnerabilities are known to be very lucrative attack vectors for threat actors. We highly recommend applying those patches as soon as possible to mitigate any potential risks.
If you have any questions, please contact your Cyber Advocate.