Improper Verification Vulnerability in Fortinet FortiOS
CVE-2022-27491

6.8MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet FortiOS
Vendor: CVE Published:; 6 September 2022

What is CVE-2022-27491?

A vulnerability in Fortinet's FortiOS allows remote, unauthenticated attackers to exploit improper source verification in the IPS engine. This can lead to the triggering of 'blocked page' HTML data being sent to targeted victims via crafted TCP requests, potentially overwhelming them with unwanted traffic.

Affected Version(s)

Fortinet FortiOS FortiOS 7.2.0, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.10, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0

References

https://fortiguard.com/psirt/FG-IR-22-073

x_refsource_CONFIRM

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 6, 2022
Vulnerability Reserved
Mar 21, 2022