#VU84443 Interpretation Conflict in IPSEngine - CVE-2023-40718

Cybersecurity Help s.r.o.

Published: 2023-12-15

Vulnerability identifier: #VU84443

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-40718

CWE-ID: CWE-436

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IPSEngine
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Fortinet, Inc

Description

The vulnerability allows a remote attacker to bypass implemented security policies.

The vulnerability exists due to an interpretation conflict when handling custom TCP flags. A remote attacker can send specially crafted TCP packets to evade NGFW policies or IPS Engine protection.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

IPSEngine: before 6.0159

External links
https://fortiguard.com/psirt/FG-IR-23-090

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Fortigate NGFW on Siemens RUGGEDCOM APE1808 devices

Security restrictions bypass in FortiOS IPS Engine