Remote Code Execution Flaw in FortiNAC Disclosed (CVE-2023-33

Remote Code Execution Flaw in FortiNAC Disclosed (CVE-2023-33299)

Fortinet published two advisories on June 23 to address two flaws in its FortiNAC, Network Access Control solution:

CVE-2023-33299 (FG-IR-23-074)
CVE-2023-33300 (FG-IR-23-096)

Of the two vulnerabilities, CVE-2023-33299 is considered the most severe, as it was assigned a CVSSv3 score of 9.6.

Attribution for both flaws is credited to Florian Hauser, a security researcher with CODE WHITE GmbH. Hauser published details about the flaws in a blog post, which include proofs-of-concept.

For more information about the vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

Remote Code Execution Flaw in FortiNAC Disclosed (CVE-2023-33

Recent Discussions

FAQ on Exploited Zero-Day Flaws in Cisco ASA and FTD Devices (CVE-2025-20333, CVE-2025-20362)

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks

CVE-2025-7775: Citrix NetScaler ADC and Gateway Zero-Day RCE Vulnerability Exploited in the Wild

CVE-2025-25256: Proof of Concept Released for Fortinet FortiSIEM Command Injection Vulnerability

Americas

Europe

Asia / Australia