Vulnerabilities > CVE-2023-26209 - Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortideceptor

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

network

low complexity

fortinet

CWE-307

NVD

Published: 2023-03-09

Updated: 2023-11-07

Summary

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.

Vulnerable Configurations

Part	Description	Count
Application	Fortinet Fortinet Fortideceptor 1.0.0 Fortinet Fortideceptor 1.0.1 Fortinet Fortideceptor 1.1 Fortinet Fortideceptor 1.1.0 Fortinet Fortideceptor 1.4.3 Fortinet Fortideceptor 2.0 Fortinet Fortideceptor 2.0.0 Fortinet Fortideceptor 2.1 Fortinet Fortideceptor 2.1.0 Fortinet Fortideceptor 3.0.0 Fortinet Fortideceptor 3.0.1 Fortinet Fortideceptor 3.0.2 Fortinet Fortideceptor 3.1 Fortinet Fortideceptor 3.1.0 Fortinet Fortideceptor 3.1.1	15

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://fortiguard.com/psirt/FG-IR-20-078