Vulnerabilities > Fortinet > Fortiauthenticator > 5.4.0

DATE CVE VULNERABILITY TITLE RISK
2023-03-09 CVE-2023-26208 Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortiauthenticator
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory by sending numerous HTTP requests to the login form.
network
low complexity
fortinet CWE-307
5.3
2022-04-06 CVE-2021-26116 OS Command Injection vulnerability in Fortinet Fortiauthenticator
An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
network
low complexity
fortinet CWE-78
6.5
2021-08-04 CVE-2021-22124 Resource Exhaustion vulnerability in Fortinet Fortiauthenticator and Fortisandbox
An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator before 6.0.6 may allow an unauthenticated attacker to bring the device into an unresponsive state via specifically crafted long request parameters.
network
low complexity
fortinet CWE-400
7.8