CVE-2023-45586

Vulnerability Description

An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 allows an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets.

Vulnerability Details

Published Date

May 14, 2024

Last Modified

November 21, 2024

Source

NVD

CVE-2023-45586

Vulnerability Description

Vulnerability Details

Discussion (0)

Add Comment