CVE-2023-45584

Summary

A double free vulnerability [CWE-415] vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.1, FortiProxy 7.2.0 through 7.2.7, FortiProxy 7.0.0 through 7.0.13 allows a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiProxy7.4.0 <= 7.4.1affected
FortinetFortiProxy7.2.0 <= 7.2.7affected
FortinetFortiProxy7.0.0 <= 7.0.13affected
FortinetFortiOS7.4.0affected
FortinetFortiOS7.2.0 <= 7.2.5affected
FortinetFortiOS7.0.0 <= 7.0.12affected
FortinetFortiOS6.4.0 <= 6.4.16affected
FortinetFortiPAM1.1.0 <= 1.1.2affected
FortinetFortiPAM1.0.0 <= 1.0.3affected

Weaknesses

  • CWE-415: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References