Double Free Vulnerability in Fortinet FortiOS and FortiPAM
CVE-2023-41678

8.3HIGH

Key Information:

Vendor: Fortinet
Status: FortiOS; FortiPAM
Vendor: CVE Published:; 13 December 2023

Summary

A double free vulnerability exists in Fortinet FortiOS and FortiPAM that could allow an attacker to execute unauthorized code or commands. The flaw affects specific versions of FortiOS (7.0.0 to 7.0.5) and FortiPAM (1.0.0 to 1.0.3, 1.1.0 to 1.1.1). An attacker can exploit this by sending a specially crafted request, leading to potential unauthorized actions within the affected systems.

Affected Version(s)

FortiOS 7.0.0 <= 7.0.5

FortiPAM 1.1.0 <= 1.1.1

FortiPAM 1.0.0 <= 1.0.3

References

https://fortiguard.com/psirt/FG-IR-23-196

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2023
Vulnerability Reserved
Aug 30, 2023