Severity Rating: Medium
Systems Affected
FortiAnalyzer 6.2.x, on models supporting FortiRecorder, versions prior to
6.2.4
FortiAnalyzer 6.4.x, on models supporting FortiRecorder, versions prior to
6.4.1
Overview
A vulnerability has been reported in FortiAnalyzer that could allow a
remote attacker to cause a denial of service (DoS) condition on the targeted
system.
Description
This vulnerability exists in FortiAnalyzer due to an insufficient control
of network message volume. An unauthenticated remote attacker could exploit
this vulnerability by sending specially crafted mode 6 queries to the
FortiAnalyzer built-in NTP server and perform NTP amplification attacks on
the targeted system.
Successful exploitation of this vulnerability could allow the attacker to
cause a denial of service (DoS) condition on the targeted system.
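For defenders reviewing UDP/123 traffic at an NTP server, the following added example (not part of the advisory and not Fortinet code) picks out mode 6 control packets and reports request versus response bytes per peer outside a management allowlist. The header layout follows the standard NTP control message format; the function names, allowlist and sample addresses are assumptions made for illustration.

```python
import struct
from collections import defaultdict

NTP_MODE_CONTROL = 6  # mode 6: NTP control messages, the query type named in the advisory
CTRL_HEADER = struct.Struct("!BBHHHHH")  # flags, R/E/M+opcode, sequence, status, assoc id, offset, count

def parse_mode6(payload: bytes):
    """Return header fields of an NTP mode 6 packet, or None for any other payload."""
    if len(payload) < CTRL_HEADER.size:
        return None
    flags, rem_op, seq, _status, _assoc, _offset, count = CTRL_HEADER.unpack_from(payload)
    if flags & 0x07 != NTP_MODE_CONTROL:
        return None
    return {"version": (flags >> 3) & 0x07, "response": bool(rem_op & 0x80),
            "opcode": rem_op & 0x1F, "sequence": seq, "count": count}

def mode6_report(packets, allowed_clients=frozenset()):
    """packets: (peer_ip, udp_payload) pairs seen on UDP/123 at the NTP server.
    Returns per-peer request/response byte counts and their ratio for peers
    outside the allowlist. With spoofed sources the peer is the traffic's victim."""
    stats = defaultdict(lambda: {"req_bytes": 0, "resp_bytes": 0})
    for peer, payload in packets:
        hdr = parse_mode6(payload)
        if hdr is None or peer in allowed_clients:
            continue
        key = "resp_bytes" if hdr["response"] else "req_bytes"
        stats[peer][key] += len(payload)
    report = {}
    for peer, s in stats.items():
        ratio = round(s["resp_bytes"] / s["req_bytes"], 1) if s["req_bytes"] else None
        report[peer] = {**s, "ratio": ratio}
    return report

def _sample(response: bool, data_len: int) -> bytes:
    """Constructed mode 6 payload (version 2, opcode 2) for the demo below."""
    rem_op = (0x80 if response else 0) | 2
    return CTRL_HEADER.pack(0x16, rem_op, 1, 0, 0, 0, data_len) + b"x" * data_len

# Constructed capture: one time request, one allowlisted admin query, one unlisted query.
SAMPLE_CAPTURE = [
    ("203.0.113.5", bytes([0x23]) + bytes(47)),   # ordinary mode 3 client request
    ("192.0.2.10", _sample(False, 0)),            # management host, allowlisted
    ("198.51.100.7", _sample(False, 0)),          # unlisted peer sends a 12-byte query
    ("198.51.100.7", _sample(True, 400)),         # server answers with 412 bytes
    ("198.51.100.7", _sample(True, 400)),
]

if __name__ == "__main__":
    for peer, row in mode6_report(SAMPLE_CAPTURE, {"192.0.2.10"}).items():
        print(peer, row)
```

Any peer in the report is sending mode 6 queries from outside the management allowlist; a high response-to-request ratio for such a peer is the amplification pattern the advisory describes.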
Solution
Upgrade to FortiAnalyzer 6.2.4 or 6.4.1.
Vendor Information
Fortiguard