Headline
CVE-2023-40718: Fortiguard
An interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows an attacker to evade IPS features via crafted TCP packets.
PSIRT Advisories
FortiOS - IPS Engine evasion using custom TCP flags
Summary
An interpretation conflict vulnerability [CWE-436] in FortiOS IPS Engine may allow an unauthenticated remote attacker to evade NGFW policies or IPS Engine protection via crafted TCP packets.
Affected Products
IPS Engine version 6.158 and below (FortiOS 6.4)
IPS Engine version 7.165 and below (FortiOS 7.0)
IPS Engine version 7.312 and below (FortiOS 7.2)
Solutions
A manual IPS Engine download is not needed unless the device is offline and cannot download the IPS Engine update automatically.
Fixed in IPS Engine version 6.0159 and later.
FortiOS 6.4.13 and later contains IPS engine 6.0160 as the default IPS Engine.
IPS Engine 6.0162 is downloadable from FortiGuard by FortiGate units with a valid subscription running FortiOS 6.4.x.
Fixed in IPS Engine version 7.0166 and later.
FortiOS 7.0.12 and later contains IPS engine 7.0167 as the default IPS Engine.
Fixed in IPS Engine version 7.0313 and later.
FortiOS 7.2.5 and later contains IPS engine 7.0314 as the default IPS Engine.
IPS Engine 7.0322 is downloadable from FortiGuard by FortiGate units with a valid subscription running FortiOS 7.2.x.
FortiOS 7.4.0 and later contains IPS engine 7.0493 as the default IPS Engine.
Acknowledgement
Fortinet is pleased to thank DISO and the Cybersecurity Lab of the University of Udine for reporting this vulnerability.
Timeline
2023-10-10: Initial publication