Lucene search

FortinetCVELIST:CVE-2023-37934

HistoryJan 10, 2024 - 5:51 p.m.

CVE-2023-37934

2024-01-1017:51:36

CWE-770

fortinet

www.cve.org

resource allocation denial https

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:F/RC:C

EPSS

Percentile

13.0%

JSON

An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted HTTP or HTTPS requests in a high frequency.

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "FortiPAM",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "1.0.0",
        "lessThanOrEqual": "1.0.3",
        "status": "affected"
      }
    ]
  }
]

References

fortiguard.com/psirt/FG-IR-23-226

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:F/RC:C

EPSS

Percentile

13.0%

JSON

Related for CVELIST:CVE-2023-37934