NVD:CVE-2023-33299 (source: nvd)
Jun 23, 2023 - 8:15 a.m.

CVE-2023-33299

2023-06-23 08:15:09
CWE-502
web.nvd.nist.gov
fortinet fortinac, deserialization, vulnerability, unauthorized code execution, untrusted data, inter-server communication

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.7 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 57.2%)

A deserialization of untrusted data vulnerability in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows an attacker to execute unauthorized code or commands via a specifically crafted request on the inter-server communication port. Note: FortiNAC versions 8.x will not be fixed.

Affected configurations

NVD
Node (entries joined by OR)

Vendor    Product   Type   Version(s)
fortinet  fortinac  Range  8.5.0 - 8.5.4
fortinet  fortinac  Range  8.6.0 - 8.6.5
fortinet  fortinac  Range  8.7.0 - 8.7.6
fortinet  fortinac  Range  8.8.0 - 8.8.11
fortinet  fortinac  Range  9.1.0 - 9.1.9
fortinet  fortinac  Range  9.2.0 - 9.2.7
fortinet  fortinac  Match  7.2.0
fortinet  fortinac  Match  7.2.1
fortinet  fortinac  Match  8.3.7
fortinet  fortinac  Match  9.4.0
fortinet  fortinac  Match  9.4.1
fortinet  fortinac  Match  9.4.2
