{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-40718", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2023-08-21T09:03:44.315Z", "datePublished": "2023-10-10T16:49:04.727Z", "dateUpdated": "2024-09-18T19:03:01.519Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "IPS Engine", "defaultStatus": "unaffected", "versions": [{"version": "7.321", "status": "affected"}, {"version": "7.166", "status": "affected"}, {"version": "6.158", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to evade IPS features via crafted TCP packets."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-10-10T16:49:04.727Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-436", "description": "Improper access control", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:R"}}], "solutions": [{"lang": "en", "value": "IPS Engine manual download is not needed unless device is offline and cannot download IPS Engine update automatically.\nFixed in IPS Engine version 6.0159 and later.\r\n\u00a0 FortiOS 6.4.13 and later contains IPS engine 6.0160 as the default IPS Engine.\r\n\u00a0 IPS Engine 6.0162 is downloadable from FortiGuard by FortiGate units with a valid subscription running FortiOS 6.4.x.\nFixed in IPS Engine version 7.0166 and later.\r\n\u00a0 FortiOS 7.0.12 and later contains IPS engine 7.0167 as the default IPS Engine.\nFixed in IPS Engine version 7.0313 and later.\r\n\u00a0 FortiOS 7.2.5 and later contains IPS engine 7.0314 as the default IPS Engine.\r\n\u00a0 IPS Engine 7.0322 is downloadable from FortiGuard by FortiGate units with a valid subscription running FortiOS 7.2.x.\nFortiOS 7.4.0 and later contains IPS engine 7.0493 as the default IPS Engine.\n\u00a0"}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-23-090", "url": "https://fortiguard.com/psirt/FG-IR-23-090"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:38:51.324Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-23-090", "url": "https://fortiguard.com/psirt/FG-IR-23-090", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "fortinet", "product": "fortios_ips_engine", "cpes": ["cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "7.321", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThanOrEqual": "7.166", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThanOrEqual": "6.158", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-18T18:59:54.335454Z", "id": "CVE-2023-40718", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T19:03:01.519Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-090", "name": "https://fortiguard.com/psirt/FG-IR-23-090", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:38:51.324Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-40718", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-18T18:59:54.335454Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortios_ips_engine", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "7.321"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "7.166"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "6.158"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T19:02:54.828Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:R", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Fortinet", "product": "IPS Engine", "versions": [{"status": "affected", "version": "7.321"}, {"status": "affected", "version": "7.166"}, {"status": "affected", "version": "6.158"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "IPS Engine manual download is not needed unless device is offline and cannot download IPS Engine update automatically.\nFixed in IPS Engine version 6.0159 and later.\r\n\u00a0 FortiOS 6.4.13 and later contains IPS engine 6.0160 as the default IPS Engine.\r\n\u00a0 IPS Engine 6.0162 is downloadable from FortiGuard by FortiGate units with a valid subscription running FortiOS 6.4.x.\nFixed in IPS Engine version 7.0166 and later.\r\n\u00a0 FortiOS 7.0.12 and later contains IPS engine 7.0167 as the default IPS Engine.\nFixed in IPS Engine version 7.0313 and later.\r\n\u00a0 FortiOS 7.2.5 and later contains IPS engine 7.0314 as the default IPS Engine.\r\n\u00a0 IPS Engine 7.0322 is downloadable from FortiGuard by FortiGate units with a valid subscription running FortiOS 7.2.x.\nFortiOS 7.4.0 and later contains IPS engine 7.0493 as the default IPS Engine.\n\u00a0"}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-090", "name": "https://fortiguard.com/psirt/FG-IR-23-090"}], "descriptions": [{"lang": "en", "value": "A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to evade IPS features via crafted TCP packets."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-436", "description": "Improper access control"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-10-10T16:49:04.727Z"}}}, "cveMetadata": {"cveId": "CVE-2023-40718", "state": "PUBLISHED", "dateUpdated": "2024-09-18T19:03:01.519Z", "dateReserved": "2023-08-21T09:03:44.315Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2023-10-10T16:49:04.727Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "76621CA9-15A3-45C7-89F6-00FF2F0DB7B5", "versionEndIncluding": "7.312", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "7582B2FF-8EDC-4599-96F3-CFA7BAE1FCF5", "versionEndExcluding": "7.2.4", "versionStartIncluding": "7.2.0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "E527DD20-7553-4CAD-BFFF-02D2C4DFFADC", "versionEndIncluding": "7.165", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "39A6C2A7-21A4-4BB5-A3B6-9466E5CEA296", "versionEndExcluding": "7.0.12", "versionStartIncluding": "7.0.0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortios_ips_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "E17821E5-7836-4EEA-A383-66CBCD45B258", "versionEndIncluding": "6.158", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "B153B056-24AE-41C4-B644-65E080C18360", "versionEndExcluding": "6.4.13", "versionStartIncluding": "6.4.0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to evade IPS features via crafted TCP packets."}, {"lang": "es", "value": "Un conflicto de interpretaci\u00f3n en las versiones 7.321, 7.166 y 6.158 de Fortinet IPS Engine permite a un atacante evadir las funciones de IPS a trav\u00e9s de paquetes TCP manipulados."}], "id": "CVE-2023-40718", "lastModified": "2024-11-21T08:20:01.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-10T17:15:12.560", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-23-090"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-23-090"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-436"}], "source": "psirt@fortinet.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-436"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}