An improper verification of source of a communication channel vulnerability [CWE-940] in FortiOS may allow a remote and unauthenticated attacker to trigger the sending of “blocked page” HTML data to an arbitrary victim via crafted TCP requests, potentially flooding the victim. This is possible only if at least a firewall policy has inspection mode set to flow-based (default), AND at least a Security Profile is enabled (Web Filter, AntiVirus, IPS, DLP, Application Control, SSL, File filter).