ID

VAR-202306-1795


CVE

CVE-2023-33299


TITLE

Fortinet FortiNAC Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202306-1663

DESCRIPTION

A deserialization of untrusted data vulnerability in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows an attacker to execute unauthorized code or commands via a specifically crafted request on the inter-server communication port. Note: FortiNAC versions 8.x will not be fixed. Fortinet FortiNAC is a set of network access control solutions from Fortinet. This product is mainly used for network access control and IoT security protection.

Trust: 1.53

sources: NVD: CVE-2023-33299 // CNNVD: CNNVD-202306-1663 // VULMON: CVE-2023-33299

AFFECTED PRODUCTS

vendor: fortinet, model: fortinac, scope: gte, version: 9.1.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 8.6.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 9.2.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 8.5.4

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 8.7.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 9.1.9

Trust: 1.0

vendor: fortinet, model: fortinac, scope: eq, version: 9.4.2

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 8.8.11

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 9.2.7

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 8.8.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: eq, version: 7.2.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: eq, version: 7.2.1

Trust: 1.0

vendor: fortinet, model: fortinac, scope: eq, version: 9.4.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 8.7.6

Trust: 1.0

vendor: fortinet, model: fortinac, scope: lte, version: 8.6.5

Trust: 1.0

vendor: fortinet, model: fortinac, scope: gte, version: 8.5.0

Trust: 1.0

vendor: fortinet, model: fortinac, scope: eq, version: 8.3.7

Trust: 1.0

vendor: fortinet, model: fortinac, scope: eq, version: 9.4.1

sources: NVD: CVE-2023-33299

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-33299
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202306-1663
value: CRITICAL

Trust: 0.6

NVD: CVE-2023-33299
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2023-33299 // CNNVD: CNNVD-202306-1663

PROBLEMTYPE DATA

problemtype: CWE-502

Trust: 1.0

sources: NVD: CVE-2023-33299

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202306-1663

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202306-1663

CONFIGURATIONS

sources: NVD: CVE-2023-33299

PATCH

title: Fortinet FortiNAC Fixes for code issue vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=244239

Trust: 0.6

sources: CNNVD: CNNVD-202306-1663

EXTERNAL IDS

db: NVD, id: CVE-2023-33299

Trust: 1.7

db: AUSCERT, id: ESB-2023.3637

Trust: 0.6

db: CNNVD, id: CNNVD-202306-1663

Trust: 0.6

db: VULMON, id: CVE-2023-33299

Trust: 0.1

sources: VULMON: CVE-2023-33299 // NVD: CVE-2023-33299 // CNNVD: CNNVD-202306-1663

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-23-074

Trust: 1.7

url: https://www.auscert.org.au/bulletins/esb-2023.3637

Trust: 0.6

url: https://cxsecurity.com/cveshow/cve-2023-33299/

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-33299 // NVD: CVE-2023-33299 // CNNVD: CNNVD-202306-1663

SOURCES

db: VULMON, id: CVE-2023-33299
db: NVD, id: CVE-2023-33299
db: CNNVD, id: CNNVD-202306-1663

LAST UPDATE DATE

2023-07-04T22:27:30.586000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2023-33299, date: 2023-06-23T00:00:00
db: NVD, id: CVE-2023-33299, date: 2023-07-03T18:59:00
db: CNNVD, id: CNNVD-202306-1663, date: 2023-07-04T00:00:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2023-33299, date: 2023-06-23T00:00:00
db: NVD, id: CVE-2023-33299, date: 2023-06-23T08:15:00
db: CNNVD, id: CNNVD-202306-1663, date: 2023-06-23T00:00:00