← back
CVE-2023-46715

CVE-2023-46715

CVSS 4.7 MEDIUMEPSS 0.9%CWE-346
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.7EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
14 Jan 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send (but not receive) packets spoofing the IP of another user via crafted network packets.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:P/RL:X/RC:C
Affected products
Fortinet · FortiOSFortinet · FortiProxy

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://fortiguard.com/psirt/FG-IR-23-407