Fortinet FortiOS is a network security platform used by organizations to manage and secure their networks. The double free vulnerability in FortiOS 6.4 all versions allows a privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests, potentially leading to arbitrary code execution.
You're affected if you use Fortinet FortiOS version 6.4. Check with: grep 'FortiOS 6.4' /var/log/syslog (Note: This command is specific to Linux and may not work on other operating systems.)
This is Fortinet FortiOS, NOT Cisco ASA or Juniper SRX.
Upgrade to FortiOS 7.4 using the official upgrade tool at: https://docs.fortinet.com/upgrade-tool
- If immediate mitigation isn't possible:
- Restrict network access to your FortiOS instance (firewall it from the public internet)
- Monitor for suspicious HTTP or HTTPS requests