CVE-2023-45584

Published: Aug 12, 2025Modified: Jan 14, 2026

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

A double free vulnerability [CWE-415] vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.1, FortiProxy 7.2.0 through 7.2.7, FortiProxy 7.0.0 through 7.0.13 allows a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests.

Affected (7)

Products: Fortinet: Fortios, Fortipam, Fortiproxy

3 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortios	From 6.4.0 to 7.0.13
Fortinet Fortios	From 7.2.0 to 7.2.6
Fortinet Fortios	Version 7.4.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortipam	From 1.0.0 to 1.1.2

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiproxy	From 7.0.0 to 7.0.14
Fortinet Fortiproxy	From 7.2.0 to 7.2.8
Fortinet Fortiproxy	From 7.4.0 to 7.4.2

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-23-209

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.