Uncontrolled Resource Consumption (Unauthenticated Denial of Service) in login module
Summary
An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox and FortiAuthenticator may allow an unauthenticated attacker to render the device unresponsive via specially crafted long request parameters.
Affected Products
FortiSandbox version 3.0.0 through 3.0.6
FortiSandbox version 3.1.0 through 3.1.4
FortiSandbox version 3.2.0 through 3.2.1
FortiAuthenticator version 4.3.0 through 4.3.4
FortiAuthenticator version 5.0.0
FortiAuthenticator version 5.1.0 through 5.1.2
FortiAuthenticator version 5.2.0 through 5.2.2
FortiAuthenticator version 5.3.0 through 5.3.1
FortiAuthenticator version 5.4.0 through 5.4.1
FortiAuthenticator version 5.5.0
FortiAuthenticator version 6.0.0 through 6.0.5
Solutions
Upgrade to FortiSandbox 4.0.0 or above.
Upgrade to FortiSandbox 3.2.2 or above.
Upgrade to FortiSandbox 3.1.5 or above.
Upgrade to FortiSandbox 3.0.7 or above.
Upgrade to FortiAuthenticator version 6.3.0 or above.
Upgrade to FortiAuthenticator version 6.2.0 or above.
Upgrade to FortiAuthenticator version 6.1.0 or above.
Upgrade to FortiAuthenticator version 6.0.6 or above.