VYPR
Unrated severityNVD Advisory· Published May 14, 2024· Updated Aug 2, 2024

CVE-2023-45586

CVE-2023-45586

Description

An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 allows an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets.

Affected products

4
  • Fortinet/Fortiproxyllm-fuzzy2 versions
    7.4.0-7.4.1, 7.2.0-7.2.7, <7.0.13+ 1 more
    • (no CPE)range: 7.4.0-7.4.1, 7.2.0-7.2.7, <7.0.13
    • (no CPE)range: 7.4.0
  • Fortinet/Fortiosllm-fuzzy2 versions
    7.4.0-7.4.1, 7.2.0-7.2.7, <7.0.12+ 1 more
    • (no CPE)range: 7.4.0-7.4.1, 7.2.0-7.2.7, <7.0.12
    • (no CPE)range: 7.4.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.