Описание
An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send (but not receive) packets spoofing the IP of another user via crafted network packets.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
EPSS
5 Medium
CVSS3
4.3 Medium
CVSS3
Дефекты
Связанные уязвимости
An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send (but not receive) packets spoofing the IP of another user via crafted network packets.
Уязвимость операционных систем FortiOS, связанная с недостатком в механизме подтверждения источника, позволяющая нарушителю оказать воздействие на целостность защищаемой информации
EPSS
5 Medium
CVSS3
4.3 Medium
CVSS3