Uncontrolled Resource Consumption (Denial of Service) in login module Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-20-170 Final 1 1 2021-08-03T00:00:00 Current version 2021-08-03T00:00:00 2021-08-03T00:00:00 An uncontrolled resource consumption (denial of service) vulnerability in FortiSandbox and FortiAuthenticator login modules may allow an unauthenticated attacker to bring the device into an unresponsive state via specifically-crafted long request parameters. None Denial of service FortiSandbox version 3.0.0 through 3.0.6FortiSandbox version 3.1.0 through 3.1.4FortiSandbox version 3.2.0 through 3.2.1FortiAuthenticator version 4.3.0 through 4.3.4FortiAuthenticator version 5.0.0FortiAuthenticator version 5.1.0 through 5.1.2FortiAuthenticator version 5.2.0 through 5.2.2FortiAuthenticator version 5.3.0 through 5.3.1FortiAuthenticator version 5.4.0 through 5.4.1FortiAuthenticator version 5.5.0FortiAuthenticator version 6.0.0 through 6.0.5 Upgrade to FortiSandbox 4.0.0 or above.Upgrade to FortiSandbox 3.2.2 or above.Upgrade to FortiSandbox 3.1.5 or above.Upgrade to FortiSandbox 3.0.7 or above.Upgrade to FortiAuthenticator version 6.3.0 or above.Upgrade to FortiAuthenticator version 6.2.0 or above.Upgrade to FortiAuthenticator version 6.1.0 or above.Upgrade to FortiAuthenticator version 6.0.6 or above. Internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team. CVE-2021-22124 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-20-170 Uncontrolled Resource Consumption (Denial of Service) in login module Reference>