{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41678", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2023-08-30T13:42:39.547Z", "datePublished": "2023-12-13T06:44:44.233Z", "dateUpdated": "2024-08-02T19:01:35.327Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiOS", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.5", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiPAM", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "1.1.0", "lessThanOrEqual": "1.1.1", "status": "affected"}, {"versionType": "semver", "version": "1.0.0", "lessThanOrEqual": "1.0.3", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-12-13T06:44:44.233Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-415", "description": "Execute unauthorized code or commands", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiOS version 7.2.0 or above \nPlease upgrade to FortiOS version 7.0.6 or above \nPlease upgrade to FortiOS version 6.4.15 or above \nPlease upgrade to FortiPAM version 1.2.0 or above \nPlease upgrade to FortiPAM version 1.1.2 or above \n"}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-23-196", "url": "https://fortiguard.com/psirt/FG-IR-23-196"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:01:35.327Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-23-196", "url": "https://fortiguard.com/psirt/FG-IR-23-196", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "79FEE7F6-F72E-4A43-883C-0CF492DF355B", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBDFDF02-2136-4DE0-A19B-FE3654ED90A4", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "49D51C9F-CED3-4EA0-89EB-3A63F54B10E7", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "A9341F0B-D2F3-41D6-8FA5-49FDE8F3048B", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0E0B17DD-6CE0-4DD0-9850-640F24A1AB10", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "48D0E8CC-3815-4697-86D0-DC7F66E70520", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "920985C7-18F9-414A-A0B2-8C2FACDDE708", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4DA50317-AD1F-451A-AB91-96F1791CBBF6", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BD6728D1-6891-4144-9D5B-EC7C9EE3B044", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7FFE431F-113D-4DF8-8166-10B8F8EB096C", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0CC27DCF-F74C-431C-9545-F405D369AF22", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "46FB5EB9-00E7-444C-B433-B51460BED34C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request."}, {"lang": "es", "value": "Un doble gratuito en las versiones Fortinet FortiOS 7.0.0 a 7.0.5, FortiPAM versi\u00f3n 1.0.0 a 1.0.3, 1.1.0 a 1.1.1 permite a un atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de una solicitud espec\u00edficamente manipulada."}], "id": "CVE-2023-41678", "lastModified": "2024-11-21T08:21:28.313", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-13T07:15:17.317", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-23-196"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-23-196"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "psirt@fortinet.com", "type": "Secondary"}]}

{}

{}