FortiRecorder - DoS in login authentication mechanism
Summary
An uncontrolled resource consumption vulnerability [CWE-400] in the FortiRecorder login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests.
Affected Products
FortiRecorder 6.4.3 and below
FortiRecorder 6.0.11 to 6.0.0
Solutions
Please upgrade to FortiRecorder version 7.0.0 or above
Please upgrade to FortiRecorder version 6.4.4 or above
Please upgrade to FortiRecorder version 6.0.12 or above
Acknowledgement
Fortinet is pleased to thank Mohammed Adel of Safe Decision Cybersecurity Labs for bringing this issue to our attention under responsible disclosure.
Timeline
2023-03-07: Initial publication