CVE-2023-45586

CVSS v3 Score: 5.0 (Medium)

Vulnerability Description

An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12, and in FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13, allows an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets.

CVSS:4.9(Medium)

IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 127392.

CVSS:5.1(Medium)

Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient verification of data authenticity vulnerability. An authenticated malicious user may exploit this vulnerability i...

CVSS:5.1(Medium)

IPP software versions prior to v1.71 do not sufficiently verify the authenticity of data, in a way that causes it to accept invalid data.

CVSS:4.8(Medium)

An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process.

CVSS:4.8(Medium)

Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused usin...

CVSS:5.3(Medium)

The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. Also, the Good Dynamic application activation process does not...