CVE-2022-29056

CWE-3074 documents4 sources

Severity

5.3MEDIUM

EPSS

24.2%

top 3.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortimail

Timeline

PublishedMar 9

Description

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

▶NVDfortinet/fortimail6.0.0 — 6.0.10+2

▶CVEListV5fortinet/fortimail6.2.1 — 6.2.4+3

🔴Vulnerability Details

CVEList

CVE-2022-29056: A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6↗2023-03-09

▶

GHSA

GHSA-cvr2-h2fv-q36g: A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6↗2023-03-09

▶

📋Vendor Advisories

Fortinet

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0,...↗2023-03-09

▶