A critical remote code execution vulnerability (CVE-2023-33299) with a CVSS score of 9.6 has been discovered in Fortinet’s FortiNAC product. This vulnerability poses a significant risk as it could allow an unauthenticated user to execute unauthorized code or commands by sending specially crafted requests to the TCP/1050 service. Barracuda SOC strongly advises to apply the security update provided by Fortinet promptly to mitigate this vulnerability and prevent potential unauthorized access and code execution.
What is the threat?
The threat is a critical remote code execution vulnerability (CVE-2023-33299) found in Fortinet’s FortiNAC, a network access control solution. The vulnerability arises due to insufficient input validation of user-supplied data, allowing an attacker to send crafted requests to the targeted device. By exploiting this vulnerability, an attacker can execute arbitrary code, gain unauthorized access to the device, and potentially escalate privileges. Successful exploitation could result in a complete compromise of the FortiNAC appliance. Exploiting this vulnerability does not require any prior authentication or user privileges, making it a significant risk to organizations utilizing FortiNAC.
Why is it noteworthy?
The discovery of this critical vulnerability in FortiNAC raises significant concerns. Exploiting this vulnerability allows attackers to gain full control over the targeted system, leading to unauthorized access, potential data breaches, and disruption of critical services. This vulnerability is particularly alarming because it enables unauthenticated users to execute unauthorized code or commands. This means that bad actors can infiltrate the system without requiring any prior authentication, increasing the potential impact, and highlighting the urgency for organizations to promptly patch and secure their FortiNAC installations. Organizations must be proactive in addressing this vulnerability to mitigate the risks associated with unauthorized access, compromised data, and potential service disruptions.
What is the exposure or risk?
A compromised FortiNAC appliance can serve as a pivot point for further attacks against the network infrastructure, potentially leading to the compromise of other systems and information within the organization. Therefore, the scope of the potential damage extends beyond the compromised FortiNAC device itself.
The vulnerability impacts FortiNAC versions up to 7.2.1, up to 9.4.2, up to 9.2.7, and up to 9.1.9, as well as all 8.x iterations. Fortinet has addressed the security defect with the release of FortiNAC versions 9.4.3, 9.2.8, 9.1.10, and 7.2.2, but will not release patches for FortiNAC 8.x.
Organizations relying on FortiNAC to secure their networks, particularly those with sensitive data and critical services, are particularly at risk of being damaged. Industries such as healthcare, finance, government, and enterprises with large-scale network deployments may face severe consequences if this vulnerability is exploited. Prompt action is necessary to mitigate the risks associated with unauthorized access, data breaches, and potential disruptions to critical services.
What are the recommendations?
Barracuda SOC recommends the following actions to limit the impact of a FortiNAC RCE vulnerability:
- Apply the latest security update released by Fortinet to patch the vulnerability. Ensure that all FortiNAC appliances in your environment are promptly updated to the patched version.
- Implement network segmentation to limit the potential impact of a compromised FortiNAC appliance. Separate critical systems and sensitive data from the rest of the network to minimize the attack surface.
- Follow the principle of least privilege by granting users and devices only the necessary access rights to perform their tasks. Restrict administrative privileges to prevent unauthorized modification or compromise.
- Implement robust monitoring and detection mechanisms to identify any unusual activities or attempts to exploit the vulnerability. Continuously monitor the network for signs of compromise and promptly investigate any suspicious behavior.
- Establish a process for regularly updating and patching all software and hardware components in your environment. Stay informed about security advisories and promptly apply patches to address known vulnerabilities.
References
For more in-depth information about the recommendations, please visit the following links:
- https://www.securityweek.com/fortinet-patches-critical-rce-vulnerability-in-fortinac/
- https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-fortinet-fortinac-could-allow-for-arbitrary-code-execution_2023-068
- https://www.tenable.com/blog/cve-2023-33299-critical-remote-code-execution-vulnerability-in-fortinac
If you have any questions regarding this Cybersecurity Threat Advisory, please contact our Security Operations Center.