CVE-2023-41678

A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://fortiguard.com/psirt/FG-IR-23-196	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:fortinet:fortios:7.0.0:::::::*
	cpe:2.3:o:fortinet:fortios:7.0.1:::::::*
	cpe:2.3:o:fortinet:fortios:7.0.2:::::::*
	cpe:2.3:o:fortinet:fortios:7.0.3:::::::*
	cpe:2.3:o:fortinet:fortios:7.0.4:::::::*
	cpe:2.3:o:fortinet:fortios:7.0.5:::::::*
	cpe:2.3:o:fortinet:fortipam:1.0.0:::::::*
	cpe:2.3:o:fortinet:fortipam:1.0.1:::::::*
	cpe:2.3:o:fortinet:fortipam:1.0.2:::::::*
	cpe:2.3:o:fortinet:fortipam:1.0.3:::::::*
	cpe:2.3:o:fortinet:fortipam:1.1.0:::::::*
	cpe:2.3:o:fortinet:fortipam:1.1.1:::::::*

History

No history.

Information

Published : 2023-12-13 07:15

Updated : 2023-12-15 19:31

NVD link : CVE-2023-41678

Mitre link : CVE-2023-41678

CVE.ORG link : CVE-2023-41678

JSON object : View

Products Affected

fortinet

fortipam
fortios

CWE

CWE-415

Double Free

{"id": "CVE-2023-41678", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-12-13T07:15:17.317", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-196", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-415"}]}], "descriptions": [{"lang": "en", "value": "A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request."}, {"lang": "es", "value": "Un doble gratuito en las versiones Fortinet FortiOS 7.0.0 a 7.0.5, FortiPAM versi\u00f3n 1.0.0 a 1.0.3, 1.1.0 a 1.1.1 permite a un atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de una solicitud espec\u00edficamente manipulada."}], "lastModified": "2023-12-15T19:31:27.400", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79FEE7F6-F72E-4A43-883C-0CF492DF355B"}, {"criteria": "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBDFDF02-2136-4DE0-A19B-FE3654ED90A4"}, {"criteria": "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49D51C9F-CED3-4EA0-89EB-3A63F54B10E7"}, {"criteria": "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9341F0B-D2F3-41D6-8FA5-49FDE8F3048B"}, {"criteria": "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E0B17DD-6CE0-4DD0-9850-640F24A1AB10"}, {"criteria": "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48D0E8CC-3815-4697-86D0-DC7F66E70520"}, {"criteria": "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "920985C7-18F9-414A-A0B2-8C2FACDDE708"}, {"criteria": "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DA50317-AD1F-451A-AB91-96F1791CBBF6"}, {"criteria": "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD6728D1-6891-4144-9D5B-EC7C9EE3B044"}, {"criteria": "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FFE431F-113D-4DF8-8166-10B8F8EB096C"}, {"criteria": "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CC27DCF-F74C-431C-9545-F405D369AF22"}, {"criteria": "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46FB5EB9-00E7-444C-B433-B51460BED34C"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}