CVE-2022-41333

CVE Database · CVE-2022-41333

CVE-2022-41333

· HIGHModified

CVSS v3.1

7.5

EPSS

7.23%

Published

Mar 7, 2023

Modified

Nov 21, 2024

Public PoC / Exploit (2)

All weaponized →

Exploit-DBFortiRecorder 6.4.3 - Denial of Service TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-400CWE-400

Affected Products (2)

fortinet · fortirecorder_firmwarevulnerable

References (4)

http://packetstormsecurity.com/files/171766/FortiRecorder-6.4.3-Denial-Of-Service.html

https://fortiguard.com/psirt/FG-IR-22-388

Vendor Advisory

http://packetstormsecurity.com/files/171766/FortiRecorder-6.4.3-Denial-Of-Service.html

https://fortiguard.com/psirt/FG-IR-22-388

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs