CVE-2023-41678
HIGHFortinet FortiOS <7.0.6 - Use After Free
Title source: llmDescription
A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request.
References (1)
Scores
CVSS v3
8.8
EPSS
0.0028
EPSS Percentile
51.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-415
Status
published
Affected Products (12)
fortinet/fortios
fortinet/fortios
fortinet/fortios
fortinet/fortios
fortinet/fortios
fortinet/fortios
fortinet/fortipam
fortinet/fortipam
fortinet/fortipam
fortinet/fortipam
fortinet/fortipam
fortinet/fortipam
Timeline
Published
Dec 13, 2023
Tracked Since
Feb 18, 2026