A improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4.086 allows a remote and unauthenticated attacker to trigger the sending of "blocked page" HTML data to an arbitrary victim via crafted TCP requests, potentially flooding the victim.
2022-09-06T18:15:12.693
2024-11-21T06:55:49.903
Modified
CVSSv3.1: 6.8 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | fortinet | fortios | ≤ 6.0.14 | Yes |
| Operating System | fortinet | fortios | < 6.2.11 | Yes |
| Operating System | fortinet | fortios | < 6.4.9 | Yes |
| Operating System | fortinet | fortios | < 7.0.6 | Yes |
| Operating System | fortinet | fortios | 7.2.0 | Yes |