A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to evade IPS features via crafted TCP packets.
Advisories
Source ID Title
EUVD EUVD EUVD-2023-45272 A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to evade IPS features via crafted TCP packets.
Fixes

Solution

IPS Engine manual download is not needed unless device is offline and cannot download IPS Engine update automatically. Fixed in IPS Engine version 6.0159 and later.   FortiOS 6.4.13 and later contains IPS engine 6.0160 as the default IPS Engine.   IPS Engine 6.0162 is downloadable from FortiGuard by FortiGate units with a valid subscription running FortiOS 6.4.x. Fixed in IPS Engine version 7.0166 and later.   FortiOS 7.0.12 and later contains IPS engine 7.0167 as the default IPS Engine. Fixed in IPS Engine version 7.0313 and later.   FortiOS 7.2.5 and later contains IPS engine 7.0314 as the default IPS Engine.   IPS Engine 7.0322 is downloadable from FortiGuard by FortiGate units with a valid subscription running FortiOS 7.2.x. FortiOS 7.4.0 and later contains IPS engine 7.0493 as the default IPS Engine.  


Workaround

No workaround given by the vendor.

References
History

Wed, 18 Sep 2024 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2024-09-18T19:03:01.519Z

Reserved: 2023-08-21T09:03:44.315Z

Link: CVE-2023-40718

cve-icon Vulnrichment

Updated: 2024-08-02T18:38:51.324Z

cve-icon NVD

Status : Modified

Published: 2023-10-10T17:15:12.560

Modified: 2024-11-21T08:20:01.453

Link: CVE-2023-40718

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.