CVE-2023-41678

Summary

A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiOS7.0.0 <= 7.0.5affected
FortinetFortiPAM1.1.0 <= 1.1.1affected
FortinetFortiPAM1.0.0 <= 1.0.3affected

Weaknesses

  • CWE-415: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References