PT-2021-23049 · Fortinet · FortiWeb

Published: 2021-12-08 · Updated: 2021-12-09 · CVE-2021-41014

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Fortinet FortiWeb versions 6.4.1 and below
Fortinet FortiWeb versions 6.3.15 and below
Description
The issue is an uncontrolled resource consumption weakness: an unauthenticated attacker can make the httpsd daemon unresponsive by sending oversized HTTP packets.
Recommendations
For Fortinet FortiWeb versions 6.4.1 and below and versions 6.3.15 and below, restrict access to the httpsd daemon to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration
Resource Exhaustion

Related Identifiers
CVE-2021-41014

Affected Products
FortiWeb