CVE-2023-41678: Fortiguard

A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5 and FortiPAM versions 1.0.0 through 1.0.3 and 1.1.0 through 1.1.1 allows an attacker to execute unauthorized code or commands via a specifically crafted request.

Double free in cache management

Summary

A double free vulnerability [CWE-415] in FortiOS and FortiPAM HTTPSd daemon may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted commands.

| Version | Affected | Solution |
|---|---|---|
| FortiOS 7.2 | Not affected | Not Applicable |
| FortiOS 7.0 | 7.0.0 through 7.0.5 | Upgrade to 7.0.6 or above |
| FortiOS 6.4 | Not affected | Not Applicable |
| FortiPAM 1.2 | Not affected | Not Applicable |
| FortiPAM 1.1 | 1.1.0 through 1.1.1 | Upgrade to 1.1.2 or above |
| FortiPAM 1.0 | 1.0 all versions | Migrate to a fixed release |

Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool

Timeline

2023-12-08: Initial publication
