CVE-2023-44247 is a double free vulnerability (CWE-415) identified in Fortinet FortiOS version 6.4.0. This vulnerability arises from improper memory management where the same memory is freed twice, potentially leading to memory corruption. An attacker with privileged access can exploit this flaw by sending specially crafted HTTP or HTTPS requests to the FortiOS device. Successful exploitation allows the attacker to execute arbitrary code or commands on the affected system, compromising the device's confidentiality, integrity, and availability. The vulnerability requires the attacker to have high privileges (PR:H) and network access (AV:N), but does not require user interaction (UI:N). The attack complexity is high (AC:H), indicating some difficulty in exploitation, and the scope is unchanged (S:U), meaning the impact is limited to the vulnerable component. The CVSS v3.1 base score is 6.5, categorizing it as medium severity. No public exploits or active exploitation in the wild have been reported to date. Fortinet has not yet published a patch link, but organizations are advised to monitor for updates. The vulnerability is critical for network security appliances as it can lead to full compromise of the FortiOS device, which often serves as a firewall, VPN gateway, or other security function in enterprise networks.

For European organizations, the exploitation of CVE-2023-44247 could lead to unauthorized code execution on FortiOS devices, potentially resulting in full compromise of network security infrastructure. This can lead to data breaches, disruption of network services, interception or manipulation of network traffic, and lateral movement within the network. Critical sectors such as finance, government, healthcare, and telecommunications that rely heavily on Fortinet devices for perimeter defense and secure remote access are at heightened risk. The medium severity score reflects the need for vigilance but also indicates that exploitation requires privileged access and is not trivial. However, if exploited, the impact on confidentiality, integrity, and availability is high, potentially causing significant operational and reputational damage. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time.

1. Immediately inventory and identify all FortiOS devices running version 6.4.0 within the organization. 2. Monitor Fortinet’s official channels for the release of security patches addressing CVE-2023-44247 and apply them promptly once available. 3. Restrict administrative access to FortiOS devices to trusted networks and IP addresses using access control lists (ACLs) and VPNs. 4. Implement network segmentation to limit exposure of FortiOS management interfaces to the internet or untrusted networks. 5. Enable and review detailed logging and alerting on FortiOS devices for unusual HTTP/HTTPS requests or suspicious activity patterns. 6. Conduct regular vulnerability scans and penetration tests focusing on FortiOS devices to detect potential exploitation attempts. 7. Educate network administrators on the risks associated with this vulnerability and enforce the principle of least privilege for administrative accounts. 8. Consider deploying intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics capable of detecting exploitation attempts targeting FortiOS. 9. Maintain up-to-date backups of FortiOS configurations to enable rapid recovery in case of compromise.