CVE-2019-17657

Summary

An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks.

Affected Software

VendorProductVersion RangeStatus
n/aFortinet FortiSwitchbelow 3.6.11affected
n/aFortinet FortiSwitch6.0.6 and 6.2.2affected
n/aFortiAnalyzerbelow 6.2.3affected
n/aFortiManagerbelow 6.2.3affected
n/aFortiAP-S/W2below 6.2.2affected

Weaknesses

  • Denial of service

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References