CVE-2023-33299: Critical Fortinet FortiNAC RCE Vulnerability

Share :

On June 23, 2023, Fortinet disclosed a critical Remote Code Execution (RCE) vulnerability (CVE-2023-33299) affecting FortiNAC, a network access control solution utilized by organizations to manage network access policies and compliance.

This vulnerability is the result of the deserialization of untrusted data. Deserialization vulnerabilities such as this one are dangerous because a threat actor can insert a modified serialized object into the system which leads to unauthenticated RCE.

Fortinet products are an attractive target for threat actors due to the level of access on a network a threat actor can achieve once a system is compromised. Additionally, Fortinet products have a large presence in enterprise networks globally which allow threat actors to target organizations across multiple industries.

Affected FortiNAC Versions
Version 9.4.0 through 9.4.2
Version 9.2.0 through 9.2.7
Version 9.1.0 through 9.1.9
Version 7.2.0 through 7.2.1
8.8 all versions
8.7 all versions
8.6 all versions
8.5 all versions
8.3 all versions


Apply the Latest Security Patches Released by Fortinet

Arctic Wolf strongly recommends updating FortiNAC to the following versions outlined in the table below to remediate the newly disclosed vulnerability.

Note: Arctic Wolf recommends the following change management best practices for deploying security patches, including testing changes in a dev environment before deploying to production to avoid operational impact.

Fixed FortiNAC Versions
Version 9.4.3 or above
Version 9.2.8 or above
Version 9.1.10 or above
Version 7.2.2 or above


Andres Ramos

Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security and holds a bachelor’s degree in Cybersecurity Engineering.
Share :
Table of Contents
Subscribe to our Monthly Newsletter