FortiOS - IPS Engine evasion using custom TCP flags (CVE-2023-40718)
In a fruitful collaboration with the DISO of the University of Udine, about one year ago we discovered a vulnerability in several FortiGate firewalls: an attacker could evade the IPS features using crafted TCP packets. That is, by carefully setting certain bits in the TCP flags, packets can pass through the firewall despite the IPS rules that should block them.
We promptly reported the vulnerability to Fortinet, and it has now been published as CVE-2023-40718. More details are available on the FortiGuard PSIRT advisory page for this CVE.