CVE-2022-29056

Summary

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiMail6.4.0affected
FortinetFortiMail6.2.1 <= 6.2.4affected
FortinetFortiMail6.0.0 <= 6.0.9affected
FortinetFortiMail5.4.0 <= 5.4.12affected

Weaknesses

  • CWE-307: Denial of service

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References