CVE-2023-33299

Published Jun 23, 2023

Last updated a year ago

CVSS critical 9.8

Overview

Description: A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed.
Source: psirt@fortinet.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-502
psirt@fortinet.com: CWE-502

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8292B841-851C-42C2-AF13-17AB2FA894CD",
            "versionEndIncluding": "8.5.4",
            "versionStartIncluding": "8.5.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95E75B88-1750-4FB6-BCE4-74B69D93C918",
            "versionEndIncluding": "8.6.5",
            "versionStartIncluding": "8.6.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BD32B25-76B4-4D6E-BB5C-065070297058",
            "versionEndIncluding": "8.7.6",
            "versionStartIncluding": "8.7.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46929BE3-0396-4B8A-9889-9F6CA73FAD4E",
            "versionEndIncluding": "8.8.11",
            "versionStartIncluding": "8.8.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D101F116-0C73-401E-9882-8BA2F403FA4E",
            "versionEndIncluding": "9.1.9",
            "versionStartIncluding": "9.1.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B341AE7E-48F1-4ABE-891F-F9D543D19E29",
            "versionEndIncluding": "9.2.7",
            "versionStartIncluding": "9.2.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortinac:7.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFF5B4CF-5BF9-4852-BD4F-5A27FD17EDC2"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortinac:7.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C3107FF-B414-4C7C-BD97-AC102A744B1A"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "952F266E-0E48-4D69-81E0-9F813B60AC3E"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E12E11B0-E21A-4124-9DF9-FF268BB19813"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4648F862-AB8C-4B8D-8F2D-5D2641F08845"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortinac:9.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B0251A8-1E8B-4B4A-962F-3E5950601814"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References