FortiRecorder - DoS in login authentication mechanism

2023-03-0700:00:00

FortiGuard Labs

www.fortiguard.com

fortirecorder

dos

vulnerability

crafted get requests

unauthenticated attacker

0.001 Low

EPSS

Percentile

40.7%

JSON

An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests.

CPENameOperatorVersion
fortirecordereq6.4.3
fortirecordereq6.4.2
fortirecordereq6.4.1
fortirecordereq6.4.0
fortirecordereq6.0.9
fortirecordereq6.0.8
fortirecordereq6.0.7
fortirecordereq6.0.6
fortirecordereq6.0.5
fortirecordereq6.0.4

Name	Operator	Version
fortirecorder	eq	6.4.3
fortirecorder	eq	6.4.2
fortirecorder	eq	6.4.1
fortirecorder	eq	6.4.0
fortirecorder	eq	6.0.9
fortirecorder	eq	6.0.8
fortirecorder	eq	6.0.7
fortirecorder	eq	6.0.6
fortirecorder	eq	6.0.5
fortirecorder	eq	6.0.4

Rows per page:

1-10 of 161

0.001 Low

EPSS

Percentile

40.7%

JSON

Related for FG-IR-22-388