CVE-2023-46715

Summary

An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send (but not receive) packets spoofing the IP of another user via crafted network packets.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiProxy7.4.0 <= 7.4.1affected
FortinetFortiProxy7.2.0 <= 7.2.6affected
FortinetFortiProxy7.0.0 <= 7.0.12affected
FortinetFortiOS7.4.0 <= 7.4.1affected
FortinetFortiOS7.2.0 <= 7.2.10affected
FortinetFortiOS7.0.0 <= 7.0.16affected
FortinetFortiOS6.4.0 <= 6.4.15affected
FortinetFortiOS6.2.0 <= 6.2.16affected

Weaknesses

  • CWE-346: Improper access control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References