CVE-2022-41333

6.8MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortirecorder
Vendor: CVE Published:; 7 March 2023

Badges

👾 Exploit Exists

Summary

An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests.

Affected Version(s)

FortiRecorder 6.4.0 <= 6.4.3

FortiRecorder 6.0.0 <= 6.0.11

References

https://fortiguard.com/psirt/FG-IR-22-388

http://packetstormsecurity.com/files/171766/FortiRecorder...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Mar 10, 2023
👾
Exploit known to exist
Mar 10, 2023
Vulnerability published
Mar 7, 2023
Vulnerability Reserved
Sep 23, 2022