CVE-2023-40718

EUVD-2023-45272
A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to evade IPS features via crafted TCP packets.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
fortinetCNA
6.7 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:R
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Affected Products (NVD)
VendorProductVersion
fortinetfortios_ips_engine
𝑥
≤ 7.312
fortinetfortios_ips_engine
𝑥
≤ 7.165
fortinetfortios_ips_engine
𝑥
≤ 6.158
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://fortiguard.com/psirt/FG-IR-23-090
https://fortiguard.com/psirt/FG-IR-23-090