CVE-2023-46715

5.0 MEDIUM

📋 TL;DR

This CVE allows an authenticated IPsec VPN user, on tunnels that assign client IP addresses dynamically, to send packets whose inner source address is that of another VPN user: the FortiGate does not enforce that the source address matches the address it handed to that client. It affects Fortinet FortiOS 7.4.0 through 7.4.1 and 7.2.6 and below. The attacker can impersonate another user's address but cannot receive the replies, which are routed to the address's legitimate holder, so the attack is blind.

💻 Affected Systems

Products:
  • Fortinet FortiOS
Versions: 7.4.0 through 7.4.1, 7.2.6 and below
Operating Systems: FortiOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only IPsec VPN tunnels that assign client addresses dynamically are affected; the attacker must already authenticate as a VPN user.

📦 What is this software?

FortiOS is the operating system that runs Fortinet's FortiGate firewalls, including their IPsec and SSL VPN gateway functions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker holding valid VPN credentials sends traffic that carries another VPN user's assigned address, slipping past firewall policies or host allow-lists keyed on that address, or leaving that user's address in the logs for malicious activity they did not perform.

🟠 Likely Case

Limited impact: the attacker never receives the replies to spoofed packets, so full session hijacking or data exfiltration through this flaw alone is not possible. Blind, one-way actions remain feasible (for example single-packet UDP requests, or simply framing another user).

🟢 If Mitigated

With network segmentation and logging that records which tunnel a packet arrived on, spoofed traffic can be spotted and blocked and the impact is minimal.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated VPN access and knowledge of the address currently held by the target user (dial-up pools are typically small, contiguous ranges, so this is easy to guess); limited to sending only, with no receipt of responses.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FortiOS 7.4.2 or 7.2.7

Vendor Advisory: https://fortiguard.com/psirt/FG-IR-23-407

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Download FortiOS 7.4.2 (7.4 branch) or 7.2.7 (7.2 branch) from the Fortinet support portal and install it.
3. Let the FortiGate reboot into the new firmware.
4. Verify the version with 'get system status' and confirm that IPsec VPN clients reconnect.

🔧 Temporary Workarounds

Restrict VPN user IP assignment

The vulnerable condition is dynamic client addressing, so giving each IPsec VPN user a fixed address removes that condition. The snippet below is this page's illustration of the idea; the 'set ip' attribute under 'config user local' cannot be confirmed as a FortiOS CLI option here, so check the syntax against the CLI reference for your release before relying on it. In practice, the address source for a dial-up tunnel is set on the phase1-interface (assign-ip-from), and per-user fixed addresses normally come from the authentication backend (for example the RADIUS Framed-IP-Address attribute). Treat this as a stopgap, not a substitute for the fixed build.

config user local
    edit <username>
        set type password
        set ip <static_ip>
    next
end

🧯 If You Can't Patch

  • Implement strict network segmentation to limit VPN user access to only necessary resources.
  • Enable logging and monitoring for unusual VPN traffic patterns or IP spoofing attempts.
  • Remember that internal systems see the spoofed packets as coming from a legitimate VPN client; access decisions made purely on VPN source address are exactly what this flaw undermines, so prefer authentication at the destination service over address allow-lists.

🔍 How to Verify

Check if Vulnerable:

Check FortiOS version via CLI: 'get system status' and verify if version is 7.4.0-7.4.1 or ≤7.2.6 with IPSec VPN enabled.

Check Version:

get system status | grep Version

Verify Fix Applied:

After patching, confirm version is 7.4.2 or 7.2.7+ using 'get system status' and test VPN connectivity.
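The version test above is easy to get wrong by hand because the two branches have different fixed builds and "7.2.6 and below" also covers every older branch. The following added example (not Fortinet tooling) parses the first line of 'get system status' and applies the ranges stated on this page. The status output is constructed, and the page gives no fixed build for branches older than 7.2, so those are only ever reported as vulnerable; check the vendor advisory for them.

```python
"""Classify a FortiGate's FortiOS build against the CVE-2023-46715 ranges
stated on this page. Added example, not Fortinet tooling: 7.4.0-7.4.1 are
vulnerable (fixed in 7.4.2) and 7.2.6 and below are vulnerable (7.2 fixed in
7.2.7). The sample status output is constructed.
"""
import re

# The first line of `get system status` looks like:
#   Version: FortiGate-100F v7.2.5,build1517,230807 (GA)
VERSION_RE = re.compile(r"^Version:\s+\S+\s+v(\d+)\.(\d+)\.(\d+)", re.MULTILINE)

# Branch -> first fixed build, per this page.
FIRST_FIXED = {(7, 4): (7, 4, 2), (7, 2): (7, 2, 7)}

# Constructed sample of `get system status` output (only the lines used here).
SAMPLE_STATUS = """Version: FortiGate-100F v7.2.5,build1517,230807 (GA)
Security Level: 1
Firmware Signature: certified
"""


def parse_fortios_version(status_output):
    """Return (major, minor, patch) parsed from `get system status`, or None."""
    m = VERSION_RE.search(status_output)
    return tuple(int(x) for x in m.groups()) if m else None


def assess(version):
    """Map a (major, minor, patch) tuple to 'vulnerable', 'fixed' or 'not_listed'."""
    if version is None:
        return "not_listed"
    branch = version[:2]
    if branch in FIRST_FIXED:
        return "fixed" if version >= FIRST_FIXED[branch] else "vulnerable"
    if version < (7, 2, 0):
        # "7.2.6 and below" takes in every earlier branch; this page names no
        # fixed build for them, so consult the vendor advisory before upgrading.
        return "vulnerable"
    # 7.4 is the newest branch this page lists; newer branches are not covered here.
    return "not_listed"


if __name__ == "__main__":
    v = parse_fortios_version(SAMPLE_STATUS)
    print(f"FortiOS {'.'.join(map(str, v))}: {assess(v)}")  # FortiOS 7.2.5: vulnerable
```

A "vulnerable" build is only exposed if IPsec VPN with dynamically assigned client addresses is actually configured; the script checks the firmware, not the VPN configuration.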

📡 Detection & Monitoring

Log Indicators:

  • Unusual VPN user IP changes
  • Traffic from VPN IPs not matching assigned user mappings

Network Indicators:

  • IPSec packets with mismatched source IP/user mappings
  • Unidirectional traffic patterns from VPN users

SIEM Query (pseudo-logic; map the field names to your log schema and maintain assigned_vpn_ips from tunnel-up/tunnel-down events):

source_ip IN vpn_ip_range AND NOT source_ip IN assigned_vpn_ips
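To make the "traffic from VPN IPs not matching assigned user mappings" indicator concrete, here is an added example (not FortiGate or FortiAnalyzer functionality) that replays FortiGate-style key=value logs in time order, tracks which address each tunnel holds from tunnel-up and tunnel-down events, and flags traffic records whose source address differs from the address assigned to the tunnel they arrived on. The log lines are constructed, and the field names (action, assignip, tunnelid, user, srcip) and the pool 10.212.134.0/24 are assumptions about what the deployment exports; adapt them to your actual log schema.

```python
"""Flag dial-up IPsec traffic whose inner source address is not the address the
FortiGate assigned to that tunnel (the spoofing CVE-2023-46715 permits).

Added example, not FortiGate tooling. FortiGate logs are key=value text; the
field names used here (action, user, assignip, tunnelid, srcip) and the pool
are assumptions about the deployment, and every log line is constructed.
"""
import ipaddress
import re

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Address pool handed to dial-up IPsec clients (assumption for this example).
VPN_POOL = ipaddress.ip_network("10.212.134.0/24")

# Constructed sample logs, already in chronological order.
SAMPLE_LOGS = [
    'date=2024-01-10 time=09:00:01 type=event subtype=vpn action=tunnel-up user="alice" remip=203.0.113.10 assignip=10.212.134.200 tunnelid=1001',
    'date=2024-01-10 time=09:00:05 type=event subtype=vpn action=tunnel-up user="bob" remip=198.51.100.7 assignip=10.212.134.201 tunnelid=1002',
    'date=2024-01-10 time=09:01:10 type=traffic user="alice" srcip=10.212.134.200 dstip=10.0.0.5 dstport=445 tunnelid=1001',
    'date=2024-01-10 time=09:01:12 type=traffic user="bob" srcip=10.212.134.201 dstip=10.0.0.5 dstport=22 tunnelid=1002',
    # bob's tunnel carrying alice's assigned address: the spoofing this CVE allows
    'date=2024-01-10 time=09:02:30 type=traffic user="bob" srcip=10.212.134.200 dstip=10.0.0.5 dstport=445 tunnelid=1002',
    # a pool address that no tunnel currently holds
    'date=2024-01-10 time=09:02:45 type=traffic user="bob" srcip=10.212.134.250 dstip=10.0.0.9 dstport=3389 tunnelid=1002',
    'date=2024-01-10 time=09:05:00 type=event subtype=vpn action=tunnel-down user="alice" tunnelid=1001',
    # alice's released address, still sent from bob's tunnel
    'date=2024-01-10 time=09:05:30 type=traffic user="bob" srcip=10.212.134.200 dstip=10.0.0.5 dstport=445 tunnelid=1002',
]


def parse_kv(line):
    """Turn one FortiGate-style key=value log line into a dict."""
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}


def find_spoofed_sources(lines, pool=VPN_POOL):
    """Replay logs in order and return one finding per traffic record whose
    srcip is not the address assigned to the tunnel it arrived on."""
    assigned = {}  # tunnelid -> (user, assigned ip)
    findings = []
    for line in lines:
        rec = parse_kv(line)
        if rec.get("type") == "event" and rec.get("subtype") == "vpn":
            tid = rec.get("tunnelid")
            if rec.get("action") == "tunnel-up" and "assignip" in rec:
                assigned[tid] = (rec.get("user"), rec["assignip"])
            elif rec.get("action") == "tunnel-down":
                assigned.pop(tid, None)
            continue
        if rec.get("type") != "traffic" or "srcip" not in rec:
            continue
        srcip, tid = rec["srcip"], rec.get("tunnelid")
        expected = assigned.get(tid)
        if expected is None or srcip == expected[1]:
            continue  # untracked tunnel, or the address really belongs to it
        in_use = {ip: user for user, ip in assigned.values()}
        if srcip in in_use:
            reason = f"address belongs to {in_use[srcip]}"
        elif ipaddress.ip_address(srcip) in pool:
            reason = "pool address not currently assigned to any tunnel"
        else:
            reason = "address outside the VPN pool"
        findings.append({
            "time": f"{rec.get('date')} {rec.get('time')}",
            "tunnel_user": expected[0],
            "tunnelid": tid,
            "srcip": srcip,
            "expected": expected[1],
            "reason": reason,
        })
    return findings


if __name__ == "__main__":
    for f in find_spoofed_sources(SAMPLE_LOGS):
        print(f"{f['time']} tunnel {f['tunnelid']} ({f['tunnel_user']}) sent "
              f"srcip={f['srcip']} expected {f['expected']}: {f['reason']}")
```

The correlation only works if the traffic log records which tunnel a packet arrived on independently of its inner source address. If your logging attributes the user from the source IP, a spoofed packet will be logged as the victim and this check will not fire; in that case correlate on the client's public address (remip) instead.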
