May 14, 2024, 7 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories

An insufficient verification of data authenticity vulnerability [CWE-345] in FortiOS & FortiProxy SSL-VPN tunnel mode may allow an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets.

amp authenticity cwe data fortios fortiproxy ip spoofing may mode network packets send spoofing ssl tunnel verification vpn vulnerability

Sr. Product Manager

@ MixMode | Remote, US

Information Security Engineers

@ D. E. Shaw Research | New York City

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

Principal Software Engineer - Threat Detection

@ AppOmni | Remote, USA

Senior Security & GRC Lead

@ GoHenry | London, England, United Kingdom