CVE-2023-26209

Summary

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiDeceptor3.1.0 <= 3.1.1affected
FortinetFortiDeceptor3.0.0 <= 3.0.2affected
FortinetFortiDeceptor2.1.0affected
FortinetFortiDeceptor2.0.0affected
FortinetFortiDeceptor1.1.0affected
FortinetFortiDeceptor1.0.0 <= 1.0.1affected

Weaknesses

  • CWE-307: Denial of service

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References