Double free in cache management
Summary
A double free vulnerability [CWE-415] in the FortiOS and FortiPAM HTTPSd daemon may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted commands.
Version | Affected | Solution |
---|---|---|
FortiOS 7.2 | Not affected | Not Applicable |
FortiOS 7.0 | 7.0.0 through 7.0.5 | Upgrade to 7.0.6 or above |
FortiOS 6.4 | Not affected | Not Applicable |
FortiPAM 1.2 | Not affected | Not Applicable |
FortiPAM 1.1 | 1.1.0 through 1.1.1 | Upgrade to 1.1.2 or above |
FortiPAM 1.0 | 1.0 all versions | Migrate to a fixed release |
Timeline
2023-12-08: Initial publication