Fortinet FortiOS and FortiProxy Identity Spoofing Vulnerability in Security Fabric

Vulnerability

A vulnerability allowing identity spoofing of downstream devices in the security fabric has been identified in Fortinet FortiOS versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, and versions prior to 7.0.14. Fortinet FortiProxy versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.9, and versions prior to 7.0.16 are also affected. An unauthenticated attacker who possesses knowledge of device-specific data can spoof the identity of a downstream device by sending crafted TCP requests.

Impact

Exploitation of this vulnerability allows for unauthorized identity spoofing of devices within the security fabric, potentially leading to misrepresentation of device status or capabilities.

Added: Jun 10, 2025, 6:39 PM
Updated: Jun 10, 2025, 6:39 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 0.6
exploitability: 5.9
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.