An insufficient control of network message volume (CWE-406) vulnerability in FortiAnalyzer may allow an unauthenticated remote attacker to perform NTP amplification attacks (thereby causing reflected denial of service on arbitrary targets) via sending specially crafted mode 6 queries to the FortiAnalyzer built-in NTP server.
CPE | Name | Operator | Version |
---|---|---|---|
fortianalyzer | eq | 6.4.0 | |
fortianalyzer | eq | 6.2.3 | |
fortirecorder | eq | 6.0.1 | |
fortirecorder | eq | 6.0.0 | |
fortirecorder | eq | 2.7.7 |