CVE-2023-41678

CWE-415 | 5 documents | 5 sources
Severity: 8.8 HIGH
EPSS: 0.3% (top 48.53%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 13 | Latest update Feb 14

Description

A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5 and FortiPAM versions 1.0.0 through 1.0.3 and 1.1.0 through 1.1.1 allows an attacker to execute unauthorized code or commands via a specifically crafted request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (4 packages)

CVEListV5 | fortinet/fortios | 7.0.0 through 7.0.5
CVEListV5 | fortinet/fortipam | 1.1.0 through 1.1.1 | +1
NVD | fortinet/fortios | 6 versions | +5
NVD | fortinet/fortipam | 6 versions | +5

🔴 Vulnerability Details (3)

OSV | activemq vulnerabilities | 2025-02-14
GHSA | GHSA-mp7x-6p2g-hmwv: A double free in Fortinet FortiOS versions 7 | 2023-12-13
CVEList | CVE-2023-41678: A double free in Fortinet FortiOS versions 7 | 2023-12-13

📋 Vendor Advisories (1)

Fortinet | Double free in cache management | 2023-12-13
CVE-2023-41678 (HIGH CVSS 8.8) | A double free in Fortinet FortiOS v | cvebase.io