CVE-2023-26209

Name of the Vulnerable Software and Affected Versions Fortinet FortiDeceptor versions 3.1.x and earlier

Description The issue is related to insufficient restriction of excessive authentication attempts, allowing a remote attacker to cause a denial of service by sending specially crafted HTTP requests. This can lead to partial exhaustion of CPU and memory resources. The attacker can send numerous HTTP requests to the login form to exploit this issue.

Recommendations For Fortinet FortiDeceptor versions 3.1.x and earlier, consider restricting access to the login form to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the number of authentication attempts to prevent excessive requests from overwhelming the system. Avoid using the login form with untrusted or unverified sources until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.