PT-2024-3555 · Fortinet · FortiProxy, FortiOS
Published: 2024-05-14 · Updated: 2024-05-23 · CVE-2023-45586
CVSS v3.1: 5.0 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
FortiOS versions 7.0.0 through 7.0.11
FortiOS versions 7.2.0 through 7.2.7
FortiOS versions 7.4.0 through 7.4.1
FortiProxy versions 7.0.0 through 7.0.12
FortiProxy versions 7.2.0 through 7.2.7
FortiProxy versions 7.4.0 through 7.4.1
Description
Insufficient verification of data authenticity allows an authenticated VPN user to send crafted network packets that spoof the IP address of another user. The issue can be exploited by a remote attacker.
Recommendations
For FortiOS versions 7.0.0 through 7.0.11, update to version 7.0.12 or later.
For FortiOS versions 7.2.0 through 7.2.7, update to a version after 7.2.7.
For FortiOS versions 7.4.0 through 7.4.1, update to a version after 7.4.1.
For FortiProxy versions 7.0.0 through 7.0.12, update to version 7.0.13 or later.
For FortiProxy versions 7.2.0 through 7.2.7, update to a version after 7.2.7.
For FortiProxy versions 7.4.0 through 7.4.1, update to a version after 7.4.1.
Fix
Insufficient Verification of Data Authenticity
Weakness Enumeration
Related Identifiers
Affected Products
FortiOS
FortiProxy