What is CVE-2023-41678?

CVE-2023-41678 is a high-severity vulnerability in Fortinet Fortios, classified under Double Free. CVSS score: 8.3/10. Published 2023-12-13.

How severe is CVE-2023-41678?

High severity. CVSS v3 base score is 8.3 out of 10.

Is CVE-2023-41678 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Double Free in Fortinet Fortios

CVE-2023-41678

A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request.

Vulnerability class: Double Free

EPSS: 0.003 (51.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C.

Affected products

Fortinet Fortios — versions 7.0.0
Fortinet Fortipam — versions 1.1.0, 1.0.0

Weakness classification (CWE)

CWE-415 — Double Free

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

https://fortiguard.com/psirt/FG-IR-23-196

Frequently asked questions

What is CVE-2023-41678?: CVE-2023-41678 is a high-severity vulnerability in Fortinet Fortios, classified under Double Free. CVSS score: 8.3/10. Published 2023-12-13.
How severe is CVE-2023-41678?: High severity. CVSS v3 base score is 8.3 out of 10.
Is CVE-2023-41678 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.