Origin Validation Flaw in Fortinet FortiOS IPSec VPN
CVE-2023-46715

Currently unrated

Key Information:

Vendor: Fortinet
Status: FortiOS IPSec VPN
Vendor: CVE Published:; 14 January 2025

Summary

An origin validation error in Fortinet's FortiOS IPSec VPN enables an authenticated user with dynamic IP addressing to send packets that can spoof another user's IP. This vulnerability affects versions 7.4.0 through 7.4.1 and 7.2.6 and below, allowing a potential threat to network integrity by exploiting crafted network packets.

References

https://fortiguard.com/psirt/FG-IR-23-407

Timeline

Vulnerability published
Jan 14, 2025