CNNVD-202508-1250 Information
CNNVD ID
CNNVD-202508-1250
Related CVE
- CNNVD Published: 2025-08-12
Description (Chinese)
Fortinet FortiOS等都是美国飞塔(Fortinet)公司的产品。Fortinet FortiOS是一套专用于FortiGate网络安全平台上的安全操作系统。Fortinet FortiProxy是一种安全的网络代理,通过结合多种检测技术,如Web过滤、DNS过滤、DLP、反病毒、入侵防御和高级威胁保护,可以保护员工免受网络攻击。FortiProxy有助于减少带宽需求,并通过内容和视频缓存优化网络。Fortinet FortiPAM是一款权限访问控制的平台。 Fortinet多款产品存在资源管理错误漏洞,该漏洞源于双重释放,可能导致执行任意代码。以下产品和版本受到影响:FortiOS 7.4.0版本、7.2.0至7.2.5版本和7.0.12之前版本、FortiProxy 7.4.0至7.4.1版本、7.2.0至7.2.7版本和7.0.13之前版本和FortiPAM 1.1.0至1.1.2版本和1.0.3之前版本。
Description (English)
Fortinet FortiOS and others are products of Fortinet. Fortinet FortiOS is a secure operating system dedicated to the FortiGate network security platform. Fortinet FortiProxy is a secure network agent who can protect employees from cyberattacks by combining multiple detection techniques such as Web filtering, DNS filtering, DLP, anti-virus, invasion defense and advanced threat protection. FortiProxy helps reduce bandwidth demand and optimizes the network through content and video caches. Fortinet FortiPam is a platform for access control. Fortinet ’ s multiple products had an error in resource management, which stemmed from double releases and could lead to the enforcement of arbitrary codes. The following products and versions have been affected: FortiOS, version 7.4.0, versions 7.2.0-7.2.5 and pre-7.0.12, FortiProxy, versions 7.4.0-7.4.1, versions 7.2.0-7 and pre-7.0.13 and FortiPAM, versions 1.1.0-1.1.2 and pre-1.0.3.
Hazard Level
Medium
Vulnerability Type
资源管理错误
Affected Vendor
飞塔
Published
2025-08-12
Last Modified
2026-02-24
References
https://fortiguard.fortinet.com/psirt/FG-IR-23-209 https://access.redhat.com/security/cve/cve-2023-45584
Patch
https://docs.fortinet.com/upgrade-tool/fortigate
Share on: