Insufficient Data Verification in Fortinet FortiOS and FortiProxy SSL-VPN
CVE-2023-45586

4.7MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiproxy; FortiOS
Vendor: CVE Published:; 14 May 2024

What is CVE-2023-45586?

An insufficient verification of data authenticity vulnerability in Fortinet's FortiOS and FortiProxy SSL-VPN tunnel modes permits an authenticated user to spoof the IP address of another user. This occurs through the utilization of crafted network packets, allowing for potentially undetected unauthorized access to systems within the same network scope. Versions affected include FortiOS from 7.4.0 to 7.4.1, 7.2.0 to 7.2.7, and prior to 7.0.12, alongside FortiProxy in similar versions. Organizations should assess and apply available security measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FortiOS 7.4.0 <= 7.4.1

FortiOS 7.2.0 <= 7.2.7

FortiOS 7.0.0 <= 7.0.12

References

https://fortiguard.com/psirt/FG-IR-23-225

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
Oct 9, 2023

JSON

Fortinet

What is CVE-2023-45586?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.