Improper restriction of excessive authentication attempts in FortiSIEM

#VU84862 Improper restriction of excessive authentication attempts in FortiSIEM

Published: 2023-12-29

Vulnerability identifier: #VU84862

Vulnerability risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42478

CWE-ID: CWE-307

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
FortiSIEM
Server applications / DLP, anti-spam, sniffers

Vendor: Fortinet, Inc

Description

The vulnerability allows a remote attacker to perform brute-force attacks.

The vulnerability exists due to improper restriction of excessive authentication attempts. A remote attacker with access to several endpoints can perform a brute force attack on these endpoints.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

FortiSIEM: 5.1.0 - 6.7.0

External links
http://www.fortiguard.com/psirt/FG-IR-22-258

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Brute force attack in FortiSIEM