CVE-2023-45582

CWE-307 | 4 documents | 4 sources
Severity: 7.3 HIGH
EPSS: 0.2% (top 57.28%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 14

Description

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and before 6.4.8 may allow an unauthenticated attacker to perform a brute force attack on the affected endpoints via repeated login attempts.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 2.2 | Impact: 3.4

Affected Packages (2 packages)

CVEListV5 | fortinet/fortimail | 7.2.0 | 7.2.4 | +4
NVD | fortinet/fortimail | 6.2.0 | 6.2.9 | +4

🔴 Vulnerability Details (2)

CVEList | CVE-2023-45582: An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7 | 2023-11-14
GHSA | GHSA-jf4v-mhj5-v7mx: An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7 | 2023-11-14

📋 Vendor Advisories (1)

Fortinet | An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0... | 2023-11-14