CVE-2022-27491

A improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4.086 allows a remote and unauthenticated attacker to trigger the sending of "blocked page" HTML data to an arbitrary victim via crafted TCP requests, potentially flooding the victim.
References
Link Resource
https://fortiguard.com/psirt/FG-IR-22-073 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*

History

09 Sep 2022, 02:26

Type Values Removed Values Added
CPE cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References (CONFIRM) https://fortiguard.com/psirt/FG-IR-22-073 - (CONFIRM) https://fortiguard.com/psirt/FG-IR-22-073 - Vendor Advisory
CWE NVD-CWE-Other

06 Sep 2022, 18:50

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-06 18:15

Updated : 2024-02-04 22:51


NVD link : CVE-2022-27491

Mitre link : CVE-2022-27491

CVE.ORG link : CVE-2022-27491


JSON object : View

Products Affected

fortinet

  • fortios