Fortinet FortiOS IPSec VPN Origin Validation Error Vulnerability Allowing IP Spoofing

Vulnerability

A vulnerability allowing IP spoofing has been identified in Fortinet FortiOS IPSec VPN versions 7.4.0 through 7.4.1 and in version 7.2.6 and below. This origin validation error allows an authenticated IPSec VPN user with dynamic IP addressing to send specially crafted network packets that impersonate the IP address of another user. However, the vulnerability does not allow the spoofed packets to be received by the targeted user.

Impact

Exploitation of this vulnerability allows for IP spoofing, where an authenticated user can send packets that appear to come from another user's IP address.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 0.6
exploitability: 4.9
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.