Lucene search

FortinetCVE-2023-45586

HistoryMay 14, 2024 - 5:15 p.m.

CVE-2023-45586

2024-05-1417:15:24

CWE-345

fortinet

web.nvd.nist.gov

fortinet

ssl vpn

data authenticity

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

AI Score

6.5

Confidence

Low

EPSS

Percentile

14.0%

JSON

An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 allows an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets.

Affected configurations

Nvd

Node

fortinetfortiproxyRange2.0.0–2.0.12

fortinetfortiproxyRange7.0.0–7.0.14

fortinetfortiproxyRange7.2.0–7.2.8

fortinetfortiproxyMatch7.4.0

fortinetfortiproxyMatch7.4.1

Node

fortinetfortiosRange6.2.0–6.2.16

fortinetfortiosRange6.4.0–6.4.15

fortinetfortiosRange7.0.0–7.0.13

fortinetfortiosRange7.2.0–7.2.8

fortinetfortiosMatch7.4.0

fortinetfortiosMatch7.4.1

VendorProductVersionCPE
fortinetfortiproxy*cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
fortinetfortiproxy7.4.0cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
fortinetfortiproxy7.4.1cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
fortinetfortios*cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
fortinetfortios7.4.0cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
fortinetfortios7.4.1cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortiproxy	*	cpe:2.3:a:fortinet:fortiproxy::::::::
fortinet	fortiproxy	7.4.0	cpe:2.3:a:fortinet:fortiproxy:7.4.0:::::::*
fortinet	fortiproxy	7.4.1	cpe:2.3:a:fortinet:fortiproxy:7.4.1:::::::*
fortinet	fortios	*	cpe:2.3:o:fortinet:fortios::::::::
fortinet	fortios	7.4.0	cpe:2.3:o:fortinet:fortios:7.4.0:::::::*
fortinet	fortios	7.4.1	cpe:2.3:o:fortinet:fortios:7.4.1:::::::*

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "FortiProxy",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "7.4.0",
        "lessThanOrEqual": "7.4.1",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.2.0",
        "lessThanOrEqual": "7.2.7",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.13",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "2.0.0",
        "lessThanOrEqual": "2.0.14",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Fortinet",
    "product": "FortiOS",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "7.4.0",
        "lessThanOrEqual": "7.4.1",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.2.0",
        "lessThanOrEqual": "7.2.7",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.12",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.4.0",
        "lessThanOrEqual": "6.4.15",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.2.0",
        "lessThanOrEqual": "6.2.16",
        "status": "affected"
      }
    ]
  }
]

References

fortiguard.com/psirt/FG-IR-23-225

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

AI Score

6.5

Confidence

Low

EPSS

Percentile

14.0%

JSON

Related for CVE-2023-45586