A improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4.086 allows a remote and unauthenticated attacker to trigger the sending of blocked page HTML data to an arbitrary victim via crafted TCP requests, potentially flooding the victim.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Fortios | Fortinet | 6.0.0 (including) | 6.0.14 (including) |
Fortios | Fortinet | 6.2.0 (including) | 6.2.11 (excluding) |
Fortios | Fortinet | 6.4.0 (including) | 6.4.9 (excluding) |
Fortios | Fortinet | 7.0.0 (including) | 7.0.6 (excluding) |
Fortios | Fortinet | 7.2.0 (including) | 7.2.0 (including) |