First published: Tue Dec 12 2023
A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5 and FortiPAM versions 1.0.0 through 1.0.3 and 1.1.0 through 1.1.1 allows an attacker to execute unauthorized code or commands via a specifically crafted request.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
FortiOS | ||
FortiGuard FortiPAM | ||
FortiOS | =7.0.0 | |
FortiOS | =7.0.1 | |
FortiOS | =7.0.2 | |
FortiOS | =7.0.3 | |
FortiOS | =7.0.4 | |
FortiOS | =7.0.5 | |
FortiGuard FortiPAM | =1.0.0 | |
FortiGuard FortiPAM | =1.0.1 | |
FortiGuard FortiPAM | =1.0.2 | |
FortiGuard FortiPAM | =1.0.3 | |
FortiGuard FortiPAM | =1.1.0 | |
FortiGuard FortiPAM | =1.1.1 | |

Please upgrade to FortiOS version 7.2.0 or above.
Please upgrade to FortiOS version 7.0.6 or above.
Please upgrade to FortiOS version 6.4.15 or above.
Please upgrade to FortiPAM version 1.2.0 or above.
Please upgrade to FortiPAM version 1.1.2 or above.
CVE-2023-41678 is rated as critical due to its potential for unauthorized code execution.
To mitigate CVE-2023-41678, upgrade to a patched version of FortiOS or FortiPAM as recommended by Fortinet.
CVE-2023-41678 affects Fortinet FortiOS versions 7.0.0 through 7.0.5 and FortiPAM versions 1.0.0 through 1.1.1.
CVE-2023-41678 is a double free vulnerability, which is classified under CWE-415.
Yes, CVE-2023-41678 can be exploited remotely through specially crafted requests.