An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 allows an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-23-225 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: fortinet
Published: 2024-05-14T16:19:09.998Z
Updated: 2024-06-06T12:42:53.871Z
Reserved: 2023-10-09T08:01:29.296Z
Link: CVE-2023-45586
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-05-14T17:15:24.560
Modified: 2024-05-23T16:07:16.873
Link: CVE-2023-45586
JSON object: View
Redhat Information
No data.
CWE