Headline
CVE-2023-41678: Fortiguard
A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5 and FortiPAM versions 1.0.0 through 1.0.3 and 1.1.0 through 1.1.1 allows an attacker to execute unauthorized code or commands via a specifically crafted request.
Double free in cache management
Summary
A double free vulnerability [CWE-415] in FortiOS and FortiPAM HTTPSd daemon may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted commands.
| Version | Affected | Solution |
|---|---|---|
| FortiOS 7.2 | Not affected | Not Applicable |
| FortiOS 7.0 | 7.0.0 through 7.0.5 | Upgrade to 7.0.6 or above |
| FortiOS 6.4 | Not affected | Not Applicable |
| FortiPAM 1.2 | Not affected | Not Applicable |
| FortiPAM 1.1 | 1.1.0 through 1.1.1 | Upgrade to 1.1.2 or above |
| FortiPAM 1.0 | 1.0 all versions | Migrate to a fixed release |
Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool
Timeline
2023-12-08: Initial publication