Get a demo
Voyager18 (research)

How to fix CVE-2023-33299 in FortiNAC

CVE-2023-33299 is a severe vulnerability in Fortinet's FortiNAC, enabling remote code execution. Here's what you need to know.

Yair Divinsky | June 29, 2023

CVE-2023-33299 is a critical Remote Code Execution vulnerability stemming from deserialization of untrusted data in Fortinet’s FortiNAC. This vulnerability provides potential for remote, unauthenticated attackers to execute arbitrary code on the target device via a specially crafted request.  

To shed some light on CVE-2023-33299, we’ll delve into what it is, whether it could affect you, and how to fix it. 

What is CVE-2023-33299?  

CVE-2023-33299, defined in the Common Vulnerabilities and Exposures system, refers to a specific vulnerability found in FortiNAC, a network access control product. This vulnerability is classified as a deserialization of untrusted data issue, which means that it involves the process of turning serialized data back into its original state. In the case of CVE-2023-33299, the vulnerable system does not properly validate or sanitize serialized data received from an external source. 

The danger of this vulnerability lies in its potential for exploitation by remote, unauthenticated attackers. These attackers could exploit the vulnerability by sending a specially crafted request to the FortiNAC service running on TCP port 1050. Successful exploitation of this vulnerability would grant the attacker the ability to execute arbitrary code on the target device, effectively granting them control over the system.  

Does CVE-2023-33299 affect me? 

The impact of CVE-2023-33299 is specific to certain versions of FortiNAC, a network access control product. If you or your organization use FortiNAC and the version is below 7.2.1, below 9.4.3, below 9.2.8, or any version of the 8.x line, your systems are potentially vulnerable to this issue. It should be noted that versions 8.x of FortiNAC will not receive a patch for this vulnerability. Therefore, if your systems are running any of these affected versions, it’s important to take appropriate cyber security measures to manage this risk.  

Affected versions: 

FortiNAC version 9.4.0 through 9.4.2 
FortiNAC version 9.2.0 through 9.2.7 
FortiNAC version 9.1.0 through 9.1.9 
FortiNAC version 7.2.0 through 7.2.1 
FortiNAC 8.8 all versions 
FortiNAC 8.7 all versions 
FortiNAC 8.6 all versions 
FortiNAC 8.5 all versions 
FortiNAC 8.3 all versions 


Has CVE-2023-33299 been actively exploited in the wild?  

While the vulnerability poses a significant threat, there have, at the time of writing, not been any publicly disclosed instances of CVE-2023-33299 being exploited in the wild. 

How to fix CVE-2023-33299 

Fortinet has already released updates to address CVE-2023-33299. If you’re using an affected version of FortiNAC, it’s recommended to upgrade to:  

FortiNAC 9.4.3 or above 

FortiNAC 9.2.8 or above 

FortiNAC 9.1.10 or above 

FortiNAC 7.2.2 or above 

There is no mitigation advice provided by the vendor aside from applying these security updates. It is always prudent to keep systems updated to the latest version, as this helps protect against known vulnerabilities. 

Next steps

Each new vulnerability is a reminder of where we stand, and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors: 

  1. CVSS v4.0 – what you need to know
  2. Can you trust ChatGPT’s package recommendations?
  3. MITRE ATTACK framework – Mapping techniques to CVEs  
  4. Exploit maturity: an introduction  
  5. OWASP Top 10 vulnerabilities 2022: what we learned 

Free for risk owners

Set up in minutes to aggregate and prioritize cyber risk across all your assets and attack vectors.

"Idea for an overwhelmed secops/security team".

Name Namerson
Head of Cyber Security Strategy