CVE-2022-27491

CVSS v3.1 7.5 (High)

EPSS 0.09 % (41^th)

Affected Products 1

Advisories 5

A improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4.086 allows a remote and unauthenticated attacker to trigger the sending of "blocked page" HTML data to an arbitrary victim via crafted TCP requests, potentially flooding the victim.

Weaknesses

CWE-NVD-Other

CVE Status: PUBLISHED
CNA: Fortinet, Inc.
Published Date: 2022-09-06 18:15:12
(2 years ago)
Updated Date: 2022-09-09 02:26:18
(2 years ago)

Affected Products

Fortinet

Fortios

Configuration #1

	CPE23	From	Up To
Fortinet Fortios from 6.0.0 version and 6.0.14 and prior versions	cpe:2.3:o:fortinet:fortios	>= 6.0.0	<= 6.0.14
Fortinet Fortios from 6.2.0 version and prior 6.2.11 version	cpe:2.3:o:fortinet:fortios	>= 6.2.0	< 6.2.11
Fortinet Fortios from 6.4.0 version and prior 6.4.9 version	cpe:2.3:o:fortinet:fortios	>= 6.4.0	< 6.4.9
Fortinet Fortios from 7.0.0 version and prior 7.0.6 version	cpe:2.3:o:fortinet:fortios	>= 7.0.0	< 7.0.6
Fortinet Fortios 7.2.0	cpe:2.3:o:fortinet:fortios:7.2.0