CVE-2023-26209

CWE-3074 documents4 sources
Severity
5.3MEDIUM
EPSS
15.0%
top 5.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortideceptor
Timeline
PublishedMar 9

Description

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

NVDfortinet/fortideceptor1.0.03.2.0
CVEListV5fortinet/fortideceptor3.1.03.1.1+5

🔴Vulnerability Details

2
CVEList
CVE-2023-26209: A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 32023-03-09
GHSA
GHSA-f96f-6pqr-vx9w: A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 32023-03-09

📋Vendor Advisories

1
Fortinet
A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0,...2023-03-09
CVE-2023-26209 (MEDIUM CVSS 5.3) | A improper restriction of excessive | cvebase.io