CVE-2021-22124

Published: Aug 4, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator before 6.0.6 may allow an unauthenticated attacker to bring the device into an unresponsive state via specifically-crafted long request parameters.

Affected (6)

Products: Fortinet: Fortiauthenticator, Fortisandbox

Fortinet

2 products

Fortiauthenticator

Fortisandbox

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiauthenticator	From 4.0.0 to 4.3.4
Fortinet Fortiauthenticator	From 5.0.0 to 5.5.0
Fortinet Fortiauthenticator	From 6.0.0 to 6.0.6
Fortinet Fortisandbox	From 3.0.0 to 3.0.7
Fortinet Fortisandbox	From 3.1.0 to 3.1.5
Fortinet Fortisandbox	From 3.2.0 to 3.2.2

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://fortiguard.com/advisory/FG-IR-20-170

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/advisory/FG-IR-20-170

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.