PT-2023-28043 · Fortinet · FortiOS, FortiPAM
Published: 2023-12-12 · Updated: 2023-12-15 · CVE-2023-41678
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Fortinet FortiOS versions 7.0.0 through 7.0.5
FortiPAM versions 1.0.0 through 1.0.3
FortiPAM versions 1.1.0 through 1.1.1
Description
A double free in Fortinet FortiOS and FortiPAM allows an attacker to execute unauthorized code or commands via a specially crafted request. The flaw is in the HTTPSd daemon and can be exploited by an authenticated attacker to achieve arbitrary code execution on the device.
Recommendations
For Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM versions 1.0.0 through 1.0.3 and FortiPAM versions 1.1.0 through 1.1.1, update to a version that contains a fix for this issue.
As a temporary workaround, restrict network access to the HTTPSd daemon (the administrative HTTPS interface) to trusted sources to minimize the risk of exploitation.
Weakness Enumeration
Double Free
Related Identifiers
CVE-2023-41678
Affected Products
FortiOS
FortiPAM