PT-2022-18451 · Fortinet · Fortios

Published: 2022-09-06 · Updated: 2022-09-09 · CVE-2022-27491

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Fortinet FortiOS versions 5.001 through 5.258
Fortinet FortiOS versions 6.001 through 6.121
Fortinet FortiOS versions 7.001 through 7.113
Fortinet FortiOS versions 7.201 through 7.214
Fortinet FortiOS versions before 4.086
Description

The vulnerability stems from improper verification of the source of a communication channel. It allows a remote, unauthenticated attacker to trigger the sending of "blocked page" HTML data to an arbitrary victim via crafted TCP requests, which could flood the victim with that traffic. The attack is possible only if at least one firewall policy has its inspection mode set to flow-based and at least one security profile is enabled on it, such as Web Filter, AntiVirus, IPS, DLP, Application Control, SSL, or File filter.
Recommendations

For Fortinet FortiOS versions 5.001 through 5.258, update to a version outside of this range to mitigate the risk.
For Fortinet FortiOS versions 6.001 through 6.121, update to a version outside of this range to mitigate the risk.
For Fortinet FortiOS versions 7.001 through 7.113, update to a version outside of this range to mitigate the risk.
For Fortinet FortiOS versions 7.201 through 7.214, update to a version outside of this range to mitigate the risk.
For Fortinet FortiOS versions before 4.086, update to version 4.086 or later to mitigate the risk.

Fix

Related Identifiers: CVE-2022-27491

Affected Products: Fortios