An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 allows an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets.
References
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2024-05-14T16:19:09.998Z

Updated: 2024-08-02T20:21:16.569Z

Reserved: 2023-10-09T08:01:29.296Z

Link: CVE-2023-45586

cve-icon Vulnrichment

Updated: 2024-08-02T20:21:16.569Z

cve-icon NVD

Status : Modified

Published: 2024-05-14T17:15:24.560

Modified: 2024-11-21T08:27:00.740

Link: CVE-2023-45586

cve-icon Redhat

No data.