A improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 up to and including 7.214, 7.001 up to and including 7.113, 6.001 up to and including 6.121, 5.001 up to and including 5.258 and prior to 4.086 allows a remote and unauthenticated malicious user to trigger the sending of "blocked page" HTML data to an arbitrary victim via crafted TCP requests, potentially flooding the victim.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortios |
||
fortinet fortios 7.2.0 |