CVE-2023-45584

CWE-4154 documents4 sources

Severity

7.2HIGH

EPSS

0.2%

top 61.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortiproxy Fortinet Fortipam

Timeline

PublishedAug 12

Description

A double free vulnerability [CWE-415] vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.1, FortiProxy 7.2.0 through 7.2.7, FortiProxy 7.0.0 through 7.0.13 allows a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.7 | Impact: 5.9

Affected Packages6 packages

▶NVDfortinet/fortios6.4.0 — 7.0.13+2

▶CVEListV5fortinet/fortios7.2.0 — 7.2.5+3

▶NVDfortinet/fortiproxy7.0.0 — 7.0.14+2

▶CVEListV5fortinet/fortiproxy7.4.0 — 7.4.1+2

▶CVEListV5fortinet/fortipam1.1.0 — 1.1.2+1

🔴Vulnerability Details

GHSA

GHSA-cqjp-8gg8-rwv9: A double free vulnerability [CWE-415] in Fortinet FortiOS version 7↗2025-08-12

▶

CVEList

CVE-2023-45584: A double free vulnerability [CWE-415] vulnerability in Fortinet FortiOS 7↗2025-08-12

▶

📋Vendor Advisories

Fortinet

Double free in automation-stitch↗2025-08-12

▶