FortiNAC - Java untrusted object deserialization RCE

Summary

A deserialization of untrusted data vulnerability [CWE-502] in FortiNAC may allow an unauthenticated user to execute unauthorized code or commands via specifically crafted requests to the tcp/1050 service.
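The defensive pattern that addresses the CWE-502 class named above is to never let a network-facing Java service reconstruct arbitrary classes from an untrusted stream. The following added illustration is not FortiNAC code and makes no claim about how the tcp/1050 service is implemented; the `Heartbeat` and `Unexpected` classes are hypothetical stand-ins. It shows the standard JEP 290 `ObjectInputFilter` approach: an allowlist of expected classes plus depth and array-length caps, installed before the first `readObject()` call, so that any class outside the allowlist is rejected with `InvalidClassException` instead of being instantiated.

```java
import java.io.*;
import java.util.Set;

// Added example of mitigating CWE-502 in a Java service; not FortiNAC code.
// Only the classes the endpoint legitimately expects may be reconstructed
// from an untrusted ObjectInputStream.
public class DeserializationFilterDemo {

    // Hypothetical message type the service legitimately expects on the wire.
    public static final class Heartbeat implements Serializable {
        private static final long serialVersionUID = 1L;
        final String node;
        Heartbeat(String node) { this.node = node; }
    }

    // Hypothetical serializable class that should never arrive from a remote
    // peer; stands in for any unexpected type an attacker might supply.
    public static final class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
        final String payload = "not allowed";
    }

    // Allowlist of fully qualified class names the endpoint may deserialize.
    // java.lang.String is included because String values in the stream are
    // also passed through the filter.
    private static final Set<String> ALLOWED = Set.of(
            Heartbeat.class.getName(),
            String.class.getName());

    // JEP 290 filter: cap nesting depth and array sizes to blunt
    // resource-exhaustion streams, then reject any class not on the allowlist.
    static final ObjectInputFilter ALLOWLIST = info -> {
        if (info.depth() > 5 || info.arrayLength() > 1000) {
            return ObjectInputFilter.Status.REJECTED;
        }
        Class<?> c = info.serialClass();
        if (c == null) {
            // Callback carries no class (e.g. unresolvable descriptor); let
            // the stream's own checks decide.
            return ObjectInputFilter.Status.UNDECIDED;
        }
        return ALLOWED.contains(c.getName())
                ? ObjectInputFilter.Status.ALLOWED
                : ObjectInputFilter.Status.REJECTED;
    };

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Deserialize untrusted bytes with the allowlist filter installed
    // before the first readObject() call.
    static Object deserializeFiltered(byte[] data)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois =
                     new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(ALLOWLIST);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] ok = serialize(new Heartbeat("nac-node-1")); // constructed sample
        byte[] bad = serialize(new Unexpected());           // constructed sample

        Heartbeat hb = (Heartbeat) deserializeFiltered(ok);
        System.out.println("accepted: Heartbeat from " + hb.node);

        try {
            deserializeFiltered(bad);
            System.out.println("BUG: unexpected class was accepted");
        } catch (InvalidClassException e) {
            // The JDK reports the filter decision as "filter status: REJECTED".
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The filter runs for every class descriptor in the stream before any object of that class is instantiated, which is what prevents gadget chains from executing during deserialization. A process-wide default can also be set with `ObjectInputFilter.Config.setSerialFilter` or the `jdk.serialFilter` system property, which is the safer choice when several code paths read untrusted streams.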

Version       Affected                Solution
FortiNAC 9.4  9.4.0 through 9.4.2     Upgrade to 9.4.3 or above
FortiNAC 9.2  9.2.0 through 9.2.7     Upgrade to 9.2.8 or above
FortiNAC 9.1  9.1.0 through 9.1.9     Upgrade to 9.1.10 or above
FortiNAC 8.8  8.8 all versions        Migrate to a fixed release
FortiNAC 8.7  8.7 all versions        Migrate to a fixed release
FortiNAC 8.6  8.6 all versions        Migrate to a fixed release
FortiNAC 8.5  8.5 all versions        Migrate to a fixed release
FortiNAC 8.3  8.3 all versions        Migrate to a fixed release
FortiNAC 7.2  7.2.0 through 7.2.1     Upgrade to 7.2.2 or above

Acknowledgement

Fortinet is pleased to thank Florian Hauser from CODE WHITE for reporting this vulnerability under responsible disclosure.

Timeline

2023-06-23: Initial publication