CVE-2019-17657
published 2020-04-07CVE-2019-17657: An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortiap-s | w2 | — | — |
| fortinet | fortianalyzer | < 6.2.3 | 6.2.3 |
| fortinet | fortianalyzer | — | — |
| fortinet | fortianalyzer | — | — |
| fortinet | fortiap | — | — |
| fortinet | fortiap-s | < 6.2.2 | 6.2.2 |
| fortinet | fortiap-s | — | — |
| fortinet | fortiap-w2 | < 6.2.2 | 6.2.2 |
| fortinet | fortiap-w2 | — | — |
| fortinet | fortimanager | < 6.2.3 | 6.2.3 |
| fortinet | fortimanager | — | — |
| fortinet | fortimanager | — | — |
| fortinet | fortinet | — | — |
| fortinet | fortiswitch | < 3.6.11 | 3.6.11 |
| fortinet | fortiswitch | — | — |
| fortinet | fortiswitch | >= 6.0.0 < 6.0.6 | 6.0.6 |
| fortinet | fortiswitch | >= 6.2.0 < 6.2.2 | 6.2.2 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH