CVE-2023-45584
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-08-14
Assigner: Fortinet, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fortinet | fortios | From 7.4.0 (inc) to 7.4.9 (inc) |
| fortinet | fortiproxy | From 7.6.0 (inc) to 7.6.4 (inc) |
| fortinet | fortios | 7.4.0 |
| fortinet | fortipam | From 1.0.0 (inc) to 1.1.2 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-415 | The product calls free() twice on the same memory address. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a double free issue in certain versions of Fortinet FortiOS, FortiProxy, and FortiPAM. A double free occurs when a program frees the same memory location twice, which can lead to memory corruption. In this case, a privileged attacker can exploit this flaw by sending specially crafted HTTP or HTTPS requests to execute arbitrary code or commands on the affected system.
How can this vulnerability impact me?
If exploited, this vulnerability allows a privileged attacker to execute arbitrary code or commands on the affected device. This can lead to unauthorized control over the system, potentially resulting in data breaches, disruption of services, or further compromise of the network.