Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-33300

A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via specifically crafted request in inter-server communication port.

Published

2025-03-14T16:15:27.203

Last Modified

2025-07-23T21:13:27.477

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	fortinac	< 7.2.2	Yes
Application	fortinet	fortinac	< 9.4.4	Yes

References

https://fortiguard.com/psirt/FG-IR-23-096 Vendor Advisory ([email protected])