CVE-2021-22124

An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator before 6.0.6 may allow an unauthenticated attacker to bring the device into an unresponsive state via specifically-crafted long request parameters.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
fortinetCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:X/RC:X
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
fortinetfortiauthenticator
4.0.0 ≤
𝑥
≤ 4.3.4
fortinetfortiauthenticator
5.0.0 ≤
𝑥
≤ 5.5.0
fortinetfortiauthenticator
6.0.0 ≤
𝑥
< 6.0.6
fortinetfortisandbox
3.0.0 ≤
𝑥
< 3.0.7
fortinetfortisandbox
3.1.0 ≤
𝑥
< 3.1.5
fortinetfortisandbox
3.2.0 ≤
𝑥
< 3.2.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://fortiguard.com/advisory/FG-IR-20-170
https://fortiguard.com/advisory/FG-IR-20-170