Uncontrolled Resource Consumption (Unauthenticated Denial of Service) in login module
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
Advisory ID: FG-IR-20-170
Status: Final
1
1
Published: 2021-08-03
Current version: 2021-08-03
Last updated: 2021-08-03
Summary: An uncontrolled resource consumption (denial of service) vulnerability in the FortiSandbox and FortiAuthenticator login modules may allow an unauthenticated attacker to bring the device into an unresponsive state via specifically crafted, overly long request parameters. No credentials or user interaction are required; the login module is reachable before authentication.
None
Impact: Availability (denial of service)
Affected products (version ranges are inclusive):
FortiSandbox version 3.0.0 through 3.0.6
FortiSandbox version 3.1.0 through 3.1.4
FortiSandbox version 3.2.0 through 3.2.1
FortiAuthenticator version 4.3.0 through 4.3.4
FortiAuthenticator version 5.0.0
FortiAuthenticator version 5.1.0 through 5.1.2
FortiAuthenticator version 5.2.0 through 5.2.2
FortiAuthenticator version 5.3.0 through 5.3.1
FortiAuthenticator version 5.4.0 through 5.4.1
FortiAuthenticator version 5.5.0
FortiAuthenticator version 6.0.0 through 6.0.5
Solutions:
Upgrade to FortiSandbox 4.0.0 or above.
Upgrade to FortiSandbox 3.2.2 or above.
Upgrade to FortiSandbox 3.1.5 or above.
Upgrade to FortiSandbox 3.0.7 or above.
Upgrade to FortiAuthenticator version 6.3.0 or above.
Upgrade to FortiAuthenticator version 6.2.0 or above.
Upgrade to FortiAuthenticator version 6.1.0 or above.
Upgrade to FortiAuthenticator version 6.0.6 or above.
Note that every affected FortiSandbox branch receives a fixed release within that branch, whereas no fixed release is listed for the FortiAuthenticator 4.3.x, 5.x branches: the earliest fixed FortiAuthenticator release named here is 6.0.6, so devices on those branches need a major-version upgrade.
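The affected ranges and fixed releases above are easy to misread when triaging a fleet, so the following is an added example (not Fortinet's code, and not part of the advisory) that encodes exactly those ranges and maps each device in a constructed inventory to the advisory's advice. The inventory format ("hostname,product,version") and the host names are assumptions for illustration. For FortiAuthenticator 4.3.x and 5.x the advisory lists no fixed release in-branch, so the tool points at 6.0.6 as the lowest fixed release; a "not_listed" result only means the advisory does not name that version, not that the build is known to be safe.

```python
import re

# Affected ranges and fixed releases as stated in FG-IR-20-170. "through" is read as
# inclusive. For the FortiAuthenticator 4.3.x and 5.x branches the advisory names no
# fixed release inside the branch, so the lowest fixed release it does name (6.0.6)
# is used as the upgrade target.
AFFECTED = [
    # (product, first affected, last affected, lowest fixed release)
    ("FortiSandbox", (3, 0, 0), (3, 0, 6), "3.0.7"),
    ("FortiSandbox", (3, 1, 0), (3, 1, 4), "3.1.5"),
    ("FortiSandbox", (3, 2, 0), (3, 2, 1), "3.2.2"),
    ("FortiAuthenticator", (4, 3, 0), (4, 3, 4), "6.0.6"),
    ("FortiAuthenticator", (5, 0, 0), (5, 0, 0), "6.0.6"),
    ("FortiAuthenticator", (5, 1, 0), (5, 1, 2), "6.0.6"),
    ("FortiAuthenticator", (5, 2, 0), (5, 2, 2), "6.0.6"),
    ("FortiAuthenticator", (5, 3, 0), (5, 3, 1), "6.0.6"),
    ("FortiAuthenticator", (5, 4, 0), (5, 4, 1), "6.0.6"),
    ("FortiAuthenticator", (5, 5, 0), (5, 5, 0), "6.0.6"),
    ("FortiAuthenticator", (6, 0, 0), (6, 0, 5), "6.0.6"),
]
COVERED_PRODUCTS = {entry[0] for entry in AFFECTED}


def parse_version(text):
    """Turn '3.1.3' or 'v3.1.3' into a comparable (major, minor, patch) tuple."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def assess(product, version):
    """Return (status, advice) for one device.

    status is 'affected', 'not_listed' (product covered, but the version is outside
    every affected range) or 'not_covered' (product not in this advisory).
    'not_listed' says only that the advisory does not name the version.
    """
    if product not in COVERED_PRODUCTS:
        return "not_covered", "product not covered by FG-IR-20-170"
    v = parse_version(version)
    for prod, first, last, fix in AFFECTED:
        if prod == product and first <= v <= last:
            return "affected", f"upgrade to {product} {fix} or above"
    return "not_listed", "version not listed as affected in FG-IR-20-170"


def assess_inventory(csv_text):
    """Assess 'hostname,product,version' lines; returns (hostname, status, advice)
    tuples with affected devices first (stable sort keeps input order otherwise)."""
    results = []
    for line in csv_text.strip().splitlines():
        host, product, version = (field.strip() for field in line.split(","))
        status, advice = assess(product, version)
        results.append((host, status, advice))
    return sorted(results, key=lambda r: r[1] != "affected")


# Constructed sample inventory for illustration; not taken from the advisory.
SAMPLE_INVENTORY = """\
sbx-01,FortiSandbox,3.1.3
sbx-02,FortiSandbox,3.2.2
fac-01,FortiAuthenticator,5.4.1
fac-02,FortiAuthenticator,6.0.6
fgt-01,FortiGate,6.4.0
"""

if __name__ == "__main__":
    for host, status, advice in assess_inventory(SAMPLE_INVENTORY):
        print(f"{host:8} {status:12} {advice}")
```

Run it as-is to see the constructed inventory triaged; swap in an export from your own asset register with the same three columns. Keep the range table in step with the advisory text rather than with the flattened product list further down, which mixes fixed and affected builds.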
Acknowledgement: Internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team.
Product versions listed in the advisory's product tree (this list mixes fixed and affected builds: FortiSandbox 3.2.2 appears here although the solution above names it as the fixed release for the 3.2 branch):
FortiSandbox 3.2.2
FortiSandbox 3.2.1
FortiSandbox 3.2.0
FortiSandbox 3.1.4
FortiSandbox 3.1.3
FortiSandbox 3.1.2
FortiSandbox 3.1.1
FortiSandbox 3.1.0
FortiSandbox 3.0.6
FortiSandbox 3.0.5
FortiSandbox 3.0.4
FortiSandbox 3.0.3
FortiSandbox 3.0.2
FortiSandbox 3.0.1
FortiSandbox 3.0.0
FortiAuthenticator 6.0.5
FortiAuthenticator 6.0.4
FortiAuthenticator 6.0.3
FortiAuthenticator 6.0.2
FortiAuthenticator 6.0.1
FortiAuthenticator 6.0.0
FortiAuthenticator 5.5.0
FortiAuthenticator 5.4.1
FortiAuthenticator 5.4.0
FortiAuthenticator 5.3.1
FortiAuthenticator 5.3.0
FortiAuthenticator 5.2.2
FortiAuthenticator 5.2.1
FortiAuthenticator 5.2.0
FortiAuthenticator 5.1.2
FortiAuthenticator 5.1.1
FortiAuthenticator 5.1.0
FortiAuthenticator 5.0.0
FortiAuthenticator 4.3.4
FortiAuthenticator 4.3.2
FortiAuthenticator 4.3.1
FortiAuthenticator 4.3.0
CVE ID: CVE-2021-22124
CVSSv3 score: 7.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:X/RC:X
Note: 7.3 is the temporal score. The base score for this vector (network-reachable, low attack complexity, no privileges, no user interaction, high availability impact only) is 7.5; the Exploit Code Maturity value E:F (functional exploit) scales it by 0.97, and RL:X / RC:X leave it otherwise unchanged.
Reference: https://fortiguard.fortinet.com/psirt/FG-IR-20-170