CVE-2023-44247 - Vulnerability Details

Description

A double free vulnerability [CWE-415] vulnerability in Fortinet FortiOS 6.4 all versions may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests.

Published: 2024-05-14

Score: 6.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Fortinet

FortiOS

unaffected

Version	Status	Constraints
`6.4.0`	affected	≤ 6.4.16

Configuration 1 [-]

OR	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::

No data.

No data available yet.

Remediation

Vendor Solution

Upgrade to FortiOS version 7.0.0 or above

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-48606	A double free vulnerability [CWE-415] in Fortinet FortiOS before 7.0.0 may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00247.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://fortiguard.com/psirt/FG-IR-23-195

History

Fri, 19 Dec 2025 09:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:fortinet:fortios:6.2.0:::::::*
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 19 Dec 2025 09:00:00 +0000

Type	Values Removed	Values Added
Description	A double free vulnerability [CWE-415] in Fortinet FortiOS before 7.0.0 may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests.	A double free vulnerability [CWE-415] vulnerability in Fortinet FortiOS 6.4 all versions may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests.
CPEs		cpe:2.3:o:fortinet:fortios:6.4.0:::::::* cpe:2.3:o:fortinet:fortios:6.4.10:::::::* cpe:2.3:o:fortinet:fortios:6.4.11:::::::* cpe:2.3:o:fortinet:fortios:6.4.12:::::::* cpe:2.3:o:fortinet:fortios:6.4.13:::::::* cpe:2.3:o:fortinet:fortios:6.4.14:::::::* cpe:2.3:o:fortinet:fortios:6.4.15:::::::* cpe:2.3:o:fortinet:fortios:6.4.16:::::::* cpe:2.3:o:fortinet:fortios:6.4.1:::::::* cpe:2.3:o:fortinet:fortios:6.4.2:::::::* cpe:2.3:o:fortinet:fortios:6.4.3:::::::* cpe:2.3:o:fortinet:fortios:6.4.4:::::::* cpe:2.3:o:fortinet:fortios:6.4.5:::::::* cpe:2.3:o:fortinet:fortios:6.4.6:::::::* cpe:2.3:o:fortinet:fortios:6.4.7:::::::* cpe:2.3:o:fortinet:fortios:6.4.8:::::::* cpe:2.3:o:fortinet:fortios:6.4.9:::::::*

Subscriptions

Fortinet Fortios

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2024-05-14T16:19:13.178Z

Updated: 2026-01-14T09:14:39.405Z

Reserved: 2023-09-27T12:26:48.749Z

Link: CVE-2023-44247

Vulnrichment

Updated: 2024-08-02T19:59:52.078Z

NVD

Status : Modified

Published: 2024-05-14T17:15:20.807

Modified: 2025-12-19T09:15:45.750

Link: CVE-2023-44247

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-415

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object