admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2023/45xxx/CVE-2023-45586.json
CVE Team df68a2919f
"-Synchronized-Data."
2024-05-14 17:00:38 +00:00

136 lines
5.9 KiB
JSON
Raw Blame History

{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-45586",
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 allows an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper access control",
"cweId": "CWE-345"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiProxy",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.4.0",
"version_value": "7.4.1"
},
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.7"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.13"
},
{
"version_affected": "<=",
"version_name": "2.0.0",
"version_value": "2.0.14"
}
]
}
},
{
"product_name": "FortiOS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.4.0",
"version_value": "7.4.1"
},
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.7"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.12"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.15"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.16"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-225",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-23-225"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiProxy version 7.4.2 or above \nPlease upgrade to FortiProxy version 7.2.8 or above \nPlease upgrade to FortiProxy version 7.0.14 or above \nPlease upgrade to FortiOS version 7.4.2 or above \nPlease upgrade to FortiOS version 7.2.8 or above \nPlease upgrade to FortiOS version 7.0.13 or above \nPlease upgrade to FortiSASE version 23.4.a or above \n"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:P/RL:X/RC:C"
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink