FortiRecorder - DoS in login authentication mechanism Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-22-388 Final 1 1 2023-03-07T00:00:00 Current version 2023-03-07T00:00:00 2023-03-07T00:00:00 An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests. None Denial of service At leastFortiRecorder 7.0 all versions are not affectedFortiRecorder version 6.4.0 through 6.4.3FortiRecorder version 6.0.0 through 6.0.11FortiRecorder 2.7 all versions are not affected Please upgrade to FortiRecorder version 7.0.0 or abovePlease upgrade to FortiRecorder version 6.4.4 or abovePlease upgrade to FortiRecorder version 6.0.12 or above Fortinet is pleased to thank Mohammed Adel of Safe Decision Cybersecurity Labs for bringing this issue to our attention under responsible disclosure. FortiRecorder 6.4.3 FortiRecorder 6.4.2 FortiRecorder 6.4.1 FortiRecorder 6.4.0 FortiRecorder 6.0.11 FortiRecorder 6.0.10 FortiRecorder 6.0.9 FortiRecorder 6.0.8 FortiRecorder 6.0.7 FortiRecorder 6.0.6 FortiRecorder 6.0.5 FortiRecorder 6.0.4 FortiRecorder 6.0.3 FortiRecorder 6.0.2 FortiRecorder 6.0.1 FortiRecorder 6.0.0 CVE-2022-41333 FortiRecorder-6.4.3 FortiRecorder-6.4.2 FortiRecorder-6.4.1 FortiRecorder-6.4.0 FortiRecorder-6.0.11 FortiRecorder-6.0.10 FortiRecorder-6.0.9 FortiRecorder-6.0.8 FortiRecorder-6.0.7 FortiRecorder-6.0.6 FortiRecorder-6.0.5 FortiRecorder-6.0.4 FortiRecorder-6.0.3 FortiRecorder-6.0.2 FortiRecorder-6.0.1 FortiRecorder-6.0.0 6.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:X/RC:R https://fortiguard.fortinet.com/psirt/FG-IR-22-388 FortiRecorder - DoS in login authentication mechanism Reference>