CVE-2021-41014Uncontrolled Resource Consumption in Fortinet Fortiweb

CWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.7%
top 26.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortiwebFortinet Fortiweb
Timeline
PublishedDec 8
Latest updateDec 9

Description

A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to make the httpsd daemon unresponsive via huge HTTP packets

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDfortinet/fortiweb6.0.06.0.7+7
CVEListV5fortinet/fortinet_fortiwebFortiWeb 6.4.1, 6.4.0, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0

Patches

Patch: fortiguard.comPatch: fortiguard.com

🔴Vulnerability Details

2
GHSA
GHSA-62hx-qw5f-w62x: A uncontrolled resource consumption in Fortinet FortiWeb version 62021-12-09
CVEList
CVE-2021-41014: A uncontrolled resource consumption in Fortinet FortiWeb version 62021-12-08

📋Vendor Advisories

1
Fortinet
A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthentic...2021-12-08
CVE-2021-41014 — Uncontrolled Resource Consumption | cvebase