CVE-2023-44247: 
FortiOS vulnerability analysis and mitigation

A double free vulnerability (CVE-2023-44247) was discovered in Fortinet FortiOS before version 7.0.0. The vulnerability was internally discovered and reported by the FortiOS QA team, and was initially published on May 14, 2024. This security flaw affects FortiOS versions 6.2 (all versions) and 6.4 (all versions) (Fortinet Advisory).

The vulnerability is classified as CWE-415 (Double Free) and has received a CVSSv3 score of 6.5 (Medium severity). The issue occurs when there is a double usage of json_object_put in FortiOS, which may allow a privileged attacker to execute unauthorized code or commands through crafted HTTP or HTTPS requests (NVD, Fortinet Advisory).

If successfully exploited, this vulnerability could allow a privileged attacker to execute unauthorized code or commands on the affected system. The impact is considered medium severity due to the requirement of privileged access for exploitation (Fortinet Advisory).

Fortinet recommends users of affected versions to migrate to a fixed release. FortiOS version 7.0 is not affected by this vulnerability. Users can follow the recommended upgrade path using Fortinet's upgrade tool available at their documentation site (Fortinet Advisory).