Double free in cache management


A double free vulnerability [CWE-415] in the FortiOS and FortiPAM HTTPSd daemon may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.

Version        Affected               Solution
FortiOS 7.2    Not affected           Not Applicable
FortiOS 7.0    7.0.0 through 7.0.5    Upgrade to 7.0.6 or above
FortiOS 6.4    Not affected           Not Applicable
FortiPAM 1.2   Not affected           Not Applicable
FortiPAM 1.1   1.1.0 through 1.1.1    Upgrade to 1.1.2 or above
FortiPAM 1.0   1.0 all versions       Migrate to a fixed release

Follow the recommended upgrade path using our tool at:


2023-12-08: Initial publication