CVE-2022-40683 — Double Free in Fortinet Fortiweb

CWE-415 — Double Free4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 66.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiweb

Timeline

PublishedFeb 16

Description

A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may allows attacker to execute unauthorized code or commands via specially crafted commands

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5fortinet/fortiweb7.0.0 — 7.0.3

▶NVDfortinet/fortiweb7.0.0 — 7.0.3

Patches

Patch: fortiguard.com ↗Patch: fortiguard.com ↗

🔴Vulnerability Details

GHSA

GHSA-g55x-g3rw-j988: A double free in Fortinet FortiWeb version 7↗2023-02-16

▶

CVEList

CVE-2022-40683: A double free in Fortinet FortiWeb version 7↗2023-02-16

▶

📋Vendor Advisories

Fortinet

A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may allows attacker to execute unauthorized code or comma...↗2023-02-16

▶