FortiAnalyzer could potentially be used in NTP amplification attacks
An insufficient control of network message volume (CWE-406) vulnerability in FortiAnalyzer may allow an unauthenticated remote attacker to perform NTP amplification attacks (thereby causing reflected denial of service on arbitrary targets) via sending specially crafted mode 6 queries to the FortiAnalyzer built-in NTP server.
FortiAnalyzer 6.4.0, 6.2.3 and below (*)
* only models that support FortiRecorder management are impacted:
Upgrade to FortiAnalyzer 6.2.4 or 6.4.1