CVE-2023-41678: Double free in cache management
First published: Tue Dec 12 2023(Updated: )
A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Webkit | ||
| Microsoft Power Platform | ||
| Microsoft Azure Logic Apps | ||
| Microsoft Windows | ||
| Adobe Prelude | ||
| Adobe Illustrator | ||
| Adobe InDesign | ||
| Adobe Dimension | ||
| Adobe Experience Manager | ||
| Adobe Substance3D Stager | ||
| Adobe Substance3D Sampler | ||
| Adobe Substance3D After Effects | ||
| Adobe Substance3D Designer | ||
| Google Android | ||
| SAP Business Technology Platform (SAP BTP) | ||
| Atlassian Bamboo | ||
| Atlassian Bitbucket | ||
| Atlassian JIRA | ||
| Atlassian Confluence Data Center | ||
| Atlassian Confluence Server | ||
| Cisco Apache Struts | ||
| VMware Workspace ONE Launcher | ||
| FortiGuard FortiOS | ||
| FortiGuard FortiPAM HTTPSd daemon | ||
| Fortinet FortiOS | =7.0.0 | |
| Fortinet FortiOS | =7.0.1 | |
| Fortinet FortiOS | =7.0.2 | |
| Fortinet FortiOS | =7.0.3 | |
| Fortinet FortiOS | =7.0.4 | |
| Fortinet FortiOS | =7.0.5 | |
| Fortinet FortiPAM | =1.0.0 | |
| Fortinet FortiPAM | =1.0.1 | |
| Fortinet FortiPAM | =1.0.2 | |
| Fortinet FortiPAM | =1.0.3 | |
| Fortinet FortiPAM | =1.1.0 | |
| Fortinet FortiPAM | =1.1.1 |
Remedy
Please upgrade to FortiOS version 7.2.0 or above Please upgrade to FortiOS version 7.0.6 or above Please upgrade to FortiOS version 6.4.15 or above Please upgrade to FortiPAM version 1.2.0 or above Please upgrade to FortiPAM version 1.1.2 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- agent/type
- agent/last-modified-date
- zeroday/true
- agent/software-canonical-lookup-request
- collector/fortiguard-psirt-latest
- source/FortiGuard
- alias/CVE-2023-41678
- agent/remedy
- agent/weakness
- agent/author
- agent/first-publish-date
- agent/title
- agent/severity
- agent/description
- collector/nvd-api
- collector/fortiguard-psirt
- agent/references
- agent/softwarecombine
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple webkit
- vendor/microsoft
- canonical/microsoft power platform
- canonical/microsoft azure logic apps
- canonical/microsoft windows
- vendor/adobe
- canonical/adobe prelude
- canonical/adobe illustrator
- canonical/adobe indesign
- canonical/adobe dimension
- canonical/adobe experience manager
- canonical/adobe substance3d stager
- canonical/adobe substance3d sampler
- canonical/adobe substance3d after effects
- canonical/adobe substance3d designer
- vendor/google
- canonical/google android
- vendor/sap
- canonical/sap business technology platform (sap btp)
- vendor/atlassian
- canonical/atlassian bamboo
- canonical/atlassian bitbucket
- canonical/atlassian jira
- canonical/atlassian confluence data center
- canonical/atlassian confluence server
- vendor/cisco
- canonical/cisco apache struts
- vendor/vmware
- canonical/vmware workspace one launcher
- vendor/fortiguard
- canonical/fortiguard fortios
- canonical/fortiguard fortipam httpsd daemon
- vendor/fortinet
- canonical/fortinet fortios
- version/fortinet fortios/7.0.0
- version/fortinet fortios/7.0.1
- version/fortinet fortios/7.0.2
- version/fortinet fortios/7.0.3
- version/fortinet fortios/7.0.4
- version/fortinet fortios/7.0.5
- canonical/fortinet fortipam
- version/fortinet fortipam/1.0.0
- version/fortinet fortipam/1.0.1
- version/fortinet fortipam/1.0.2
- version/fortinet fortipam/1.0.3
- version/fortinet fortipam/1.1.0
- version/fortinet fortipam/1.1.1