CVE-2023-40718

A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to evade IPS features via crafted TCP packets.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
fortinetfortios_ips_engine
𝑥
≤ 7.312
fortinetfortios_ips_engine
𝑥
≤ 7.165
fortinetfortios_ips_engine
𝑥
≤ 6.158
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
fortinetfortios_ips_engine
𝑥
≤ 7.321
ADP
fortinetfortios_ips_engine
𝑥
≤ 7.166
ADP
fortinetfortios_ips_engine
𝑥
≤ 6.158
ADP
Common Weakness Enumeration
References
https://fortiguard.com/psirt/FG-IR-23-090
https://fortiguard.com/psirt/FG-IR-23-090