Fortinet has issued patches for a critical vulnerability (CVE-2023-33299) in its FortiNAC network access control solution that could allow remote code execution. The flaw is a deserialization of untrusted data issue and can be exploited by an unauthenticated attacker via specially crafted requests to the TCP/1050 service. The vulnerability affects various FortiNAC versions, and the company has released updated versions to address it. A second, medium-severity vulnerability (CVE-2023-33300), involving command injection, was also identified and resolved in the FortiNAC software. Fortinet has not reported any known exploits, but attackers often target such vulnerabilities.
Read more: https://www.securityweek.com/fortinet-patches-critical-rce-vulnerability-in-fortinac/