PT-2025-32869 · Fortinet · FortiProxy +2

Published: 2025-08-12 · Updated: 2025-08-13 · CVE-2023-45584

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:
Fortinet FortiOS versions 7.2.0 through 7.2.5 and prior to 7.0.12
Fortinet FortiProxy versions 7.2.0 through 7.2.7 and prior to 7.0.13
Fortinet FortiPAM versions 1.1.0 through 1.1.2 and prior to 1.0.3
Fortinet FortiOS version 7.4.0
Fortinet FortiProxy versions 7.4.0 through 7.4.1

Description: A double free vulnerability allows a privileged attacker to execute code or commands via crafted HTTP or HTTPS requests. A double free vulnerability occurs when memory is freed twice, potentially leading to code execution.

Recommendations:
Fortinet FortiOS versions prior to 7.0.12: Update to a version later than 7.0.12.
Fortinet FortiOS version 7.2.0 through 7.2.5: Update to a version later than 7.2.5.
Fortinet FortiProxy versions prior to 7.0.13: Update to a version later than 7.0.13.
Fortinet FortiProxy versions 7.2.0 through 7.2.7: Update to a version later than 7.2.7.
Fortinet FortiPAM versions prior to 1.0.3: Update to a version later than 1.0.3.
Fortinet FortiPAM versions 1.1.0 through 1.1.2: Update to a version later than 1.1.2.
Fortinet FortiOS version 7.4.0: Update to a newer version.
Fortinet FortiProxy versions 7.4.0 through 7.4.1: Update to a newer version.

Fix

Double Free

Weakness Enumeration

Related Identifiers

BDU:2025-09925
CVE-2023-45584

Affected Products

FortiOS
FortiPAM
FortiProxy