Unrated severityNVD Advisory· Published May 14, 2024· Updated Aug 2, 2024
CVE-2023-45586
CVE-2023-45586
Description
An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 allows an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets.
Affected products
47.4.0-7.4.1, 7.2.0-7.2.7, <7.0.13+ 1 more
- (no CPE)range: 7.4.0-7.4.1, 7.2.0-7.2.7, <7.0.13
- (no CPE)range: 7.4.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.