{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-41678","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2023-08-30T13:42:39.547Z","datePublished":"2023-12-13T06:44:44.233Z","dateUpdated":"2026-02-25T16:12:50.580Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiOS","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.5","status":"affected"}]},{"vendor":"Fortinet","product":"FortiPAM","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"1.1.0","lessThanOrEqual":"1.1.1","status":"affected"},{"versionType":"semver","version":"1.0.0","lessThanOrEqual":"1.0.3","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2023-12-13T06:44:44.233Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-415","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.3,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiOS version 7.2.0 or above \nPlease upgrade to FortiOS version 7.0.6 or above \nPlease upgrade to FortiOS version 6.4.15 or above \nPlease upgrade to FortiPAM version 1.2.0 or above \nPlease upgrade to FortiPAM version 1.1.2 or above \n"}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-23-196","url":"https://fortiguard.com/psirt/FG-IR-23-196"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T19:01:35.327Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-23-196","url":"https://fortiguard.com/psirt/FG-IR-23-196","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2023-41678","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2023-12-14T05:00:10.853716Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-25T16:12:50.580Z"}}]}}