PT-2020-6665 · Fortinet · FortiAP-S/W2 +4

Published 2020-02-03 · Updated 2020-04-08 · CVE-2019-17657

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

FortiSwitch versions prior to 3.6.11
FortiSwitch versions prior to 6.0.6
FortiSwitch versions prior to 6.2.2
FortiAnalyzer versions prior to 6.2.3
FortiManager versions prior to 6.2.3
FortiAP-S/W2 versions prior to 6.2.2
Description

The issue is an Uncontrolled Resource Consumption vulnerability that may allow an attacker to cause a denial of service (DoS) of the admin webUI by sending specially crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS attacks. In this type of attack the attacker sends HTTP requests in pieces slowly, one at a time, to a web server, keeping the server's resources busy waiting for the rest of the data; a DoS results when the server's concurrent connection pool reaches its maximum.
Recommendations

For FortiSwitch versions prior to 3.6.11, update to version 3.6.11 or later.
For FortiSwitch versions prior to 6.0.6, update to version 6.0.6 or later.
For FortiSwitch versions prior to 6.2.2, update to version 6.2.2 or later.
For FortiAnalyzer versions prior to 6.2.3, update to version 6.2.3 or later.
For FortiManager versions prior to 6.2.3, update to version 6.2.3 or later.
For FortiAP-S/W2 versions prior to 6.2.2, update to version 6.2.2 or later.

As a temporary workaround, consider restricting access to the admin webUI to minimize the risk of exploitation.
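The description above hinges on the server holding a connection open indefinitely while it waits for the rest of a request. The following Go program is an added example (not the vendor's code and not a recommendation from this advisory) that shows how a defender can verify whether a web server bounds that wait: it starts a loopback server with a configurable header read timeout, opens one connection that sends an incomplete request and stalls, and reports whether the server reclaims the connection. The function name, timeouts and the partial request bytes are constructed for the demonstration.

```go
package main

import (
	"fmt"
	"io"
	"net"
	"net/http"
	"time"
)

// SlowClientDropped starts a loopback HTTP server with the given
// ReadHeaderTimeout (0 disables it, like an unprotected admin UI), opens one
// connection that sends only a partial request and then stalls, and reports
// whether the server closes that connection within wait.
func SlowClientDropped(headerTimeout, wait time.Duration) (bool, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return false, err
	}
	srv := &http.Server{
		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			io.WriteString(w, "ok")
		}),
		ReadHeaderTimeout: headerTimeout, // the mitigation under test
	}
	go srv.Serve(ln)
	defer srv.Close()

	conn, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return false, err
	}
	defer conn.Close()
	// Constructed incomplete request: no blank line ends the headers, so the
	// server keeps waiting for more bytes that never arrive.
	if _, err := conn.Write([]byte("GET / HTTP/1.1\r\nHost: test")); err != nil {
		return false, err
	}
	// We only care whether the server hangs up on us before wait elapses.
	conn.SetReadDeadline(time.Now().Add(wait))
	_, err = conn.Read(make([]byte, 1))
	if ne, ok := err.(net.Error); err == nil || (ok && ne.Timeout()) {
		return false, nil // still connected: the slot stays occupied
	}
	return true, nil // EOF or reset: the server reclaimed the connection
}

func main() {
	d, _ := SlowClientDropped(0, 500*time.Millisecond)
	fmt.Println("no header timeout, slow client dropped:", d) // false
	d, _ = SlowClientDropped(200*time.Millisecond, 2*time.Second)
	fmt.Println("200ms header timeout, slow client dropped:", d) // true
}
```

Run against the same server with and without the timeout to see the difference: without it the stalled connection is still open when the wait expires, which is exactly the state the description says gets multiplied until the connection pool is exhausted.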

Tags: Fix · DoS · Resource Exhaustion

Related Identifiers

BDU:2022-03217
CVE-2019-17657

Affected Products

FortiAP-S/W2
FortiAnalyzer
FortiManager
FortiSwitch
FortiOS