Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
fortinetFortiGuard LabsFG-IR-22-073
HistorySep 06, 2022 - 12:00 a.m.

Protect

2022-09-0600:00:00
FortiGuard Labs
www.fortiguard.com
27
fortios
communication source
vulnerability
remote attacker
tcp requests
firewall policy
inspection mode
security profile
flooding

EPSS

0.001

Percentile

40.4%

JSON

An improper verification of source of a communication channel vulnerability [CWE-940] in FortiOS may allow a remote and unauthenticated attacker to trigger the sending of “blocked page” HTML data to an arbitrary victim via crafted TCP requests, potentially flooding the victim. This is possible only if at least a firewall policy has inspection mode set to flow-based (default), AND at least a Security Profile is enabled (Web Filter, AntiVirus, IPS, DLP, Application Control, SSL, File filter).

Related

cve 1
prion 1
nvd 1
cvelist 1
nessus 6
cve
cve
CVE-2022-27491
2022-09-06 18:15:12
prion
prion
Input validation
2022-09-06 18:15:00
nvd
nvd
CVE-2022-27491
2022-09-06 18:15:12
cvelist
cvelist
CVE-2022-27491
2022-09-06 15:10:10
nessus
nessus
Oracle Linux 8 : olcne (ELSA-2023-23648)
2023-05-26 00:00:00
Oracle Linux 7 : istio (ELSA-2023-12357)
2023-05-26 00:00:00
Oracle Linux 7 : istio (ELSA-2023-12355)
2023-05-26 00:00:00

EPSS

0.001

Percentile

40.4%

JSON
Related for FG-IR-22-073
cve1prion1nvd1cvelist1nessus6