CVE-2022-27491 Information

Description

A improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214 7.001 through 7.113 6.001 through 6.121 5.001 through 5.258 and before 4.086 allows a remote and unauthenticated attacker to trigger the sending of locked page\ HTML data to an arbitrary victim via crafted TCP requests potentially flooding the victim.

Reference

https://fortiguard.com/psirt/FG-IR-22-073