Lucene search

[email protected]CVE-2021-22124

HistoryAug 04, 2021 - 7:15 p.m.

CVE-2021-22124

2021-08-0419:15:08

CWE-400

[email protected]

web.nvd.nist.gov

cve-2021

uncontrolled resource consumption

denial of service

fortisandbox

fortiauthenticator

vulnerability

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

44.6%

JSON

An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator before 6.0.6 may allow an unauthenticated attacker to bring the device into an unresponsive state via specifically-crafted long request parameters.

Affected configurations

NVD

Node

fortinetfortiauthenticatorRange4.0.0–4.3.4

fortinetfortiauthenticatorRange5.0.0–5.5.0

fortinetfortiauthenticatorRange6.0.0–6.0.6

fortinetfortisandboxRange3.0.0–3.0.7

fortinetfortisandboxRange3.1.0–3.1.5

fortinetfortisandboxRange3.2.0–3.2.2

CPENameOperatorVersion
fortinet:fortiauthenticatorfortinet fortiauthenticatorle4.3.4
fortinet:fortiauthenticatorfortinet fortiauthenticatorle5.5.0
fortinet:fortiauthenticatorfortinet fortiauthenticatorlt6.0.6
fortinet:fortisandboxfortinet fortisandboxlt3.0.7
fortinet:fortisandboxfortinet fortisandboxlt3.1.5
fortinet:fortisandboxfortinet fortisandboxlt3.2.2

CPE	Name	Operator	Version
fortinet:fortiauthenticator	fortinet fortiauthenticator	le	4.3.4
fortinet:fortiauthenticator	fortinet fortiauthenticator	le	5.5.0
fortinet:fortiauthenticator	fortinet fortiauthenticator	lt	6.0.6
fortinet:fortisandbox	fortinet fortisandbox	lt	3.0.7
fortinet:fortisandbox	fortinet fortisandbox	lt	3.1.5
fortinet:fortisandbox	fortinet fortisandbox	lt	3.2.2

CNA Affected

[
  {
    "product": "Fortinet FortiSandbox, FortiAuthenticator",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiSandbox 3.2.2, 3.2.1, 3.2.0, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.1.0, 3.0.6, 3.0.5, 3.0.4, 3.0.3, 3.0.2, 3.0.1, 3.0.0, FortiAuthenticator before 6.0.6"
      }
    ]
  }
]

References

fortiguard.com/advisory/FG-IR-20-170

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

44.6%

JSON

Related for CVE-2021-22124

fortinet1 cnvd1 cvelist1 nvd1 prion1