A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.
Advisories
Source ID Title
EUVD EUVD EUVD-2022-33469 A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.
Fixes

Solution

Please upgrade to FortiAuthenticator version 6.5.0 or above, Please upgrade to FortiDeceptor version 3.2.0 or above. Please upgrade to FortiMail version 6.4.1 or above, Please upgrade to FortiMail version 6.2.5 or above, Please upgrade to FortiMail version 6.0.10 or above.


Workaround

No workaround given by the vendor.

References
History

Tue, 22 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2024-10-22T20:48:02.279Z

Reserved: 2022-04-11T13:56:39.869Z

Link: CVE-2022-29056

cve-icon Vulnrichment

Updated: 2024-08-03T06:10:58.728Z

cve-icon NVD

Status : Modified

Published: 2023-03-09T15:15:09.020

Modified: 2024-11-21T06:58:25.270

Link: CVE-2022-29056

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.