CVE-2023-46715: 
FortiOS vulnerability analysis and mitigation

An origin validation error vulnerability (CVE-2023-46715) was discovered in FortiOS IPSec VPN, affecting multiple versions including 7.4.0 through 7.4.1, 7.2 and earlier versions, 7.0, 6.4, and 6.2. The vulnerability was internally discovered by Stephen J. Bevan of Fortinet's FortiOS development team and was initially published on January 14, 2025 (Fortiguard PSIRT).

The vulnerability is classified as an origin validation error [CWE-346] in FortiOS IPSec VPN. It received a CVSSv3 Score of 4.7, indicating a medium severity level. The technical issue specifically relates to improper access control in the IPSec VPN component (Fortiguard PSIRT).

When exploited, this vulnerability allows an authenticated IPSec VPN user with dynamic IP addressing to send (but not receive) packets spoofing the IP address of another user through crafted network packets (Fortiguard PSIRT).

Fortinet has released several mitigations for affected versions: Users on FortiOS 7.4.0 through 7.4.1 should upgrade to version 7.4.2 or above. For FortiOS 7.2, 7.0, 6.4, and 6.2 versions, users should migrate to a fixed release. FortiOS 7.6 is not affected by this vulnerability. FortiSASE users will have the issue resolved in Q1/24. Fortinet provides an upgrade tool at their documentation site for following the recommended upgrade path (Fortiguard PSIRT).