Vulnerability Description
An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortianalyzer | < 6.2.3 |
| Fortinet | Fortiap-S | < 6.2.2 |
| Fortinet | Fortiap-W2 | < 6.2.2 |
| Fortinet | Fortimanager | < 6.2.3 |
| Fortinet | Fortiswitch | < 3.6.11 |
Related Weaknesses (CWE)
References
- https://fortiguard.com/psirt/FG-IR-19-013Vendor Advisory
- https://fortiguard.com/psirt/FG-IR-19-013Vendor Advisory
FAQ
What is CVE-2019-17657?
CVE-2019-17657 is a vulnerability with a CVSS score of 7.5 (HIGH). An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an ...
How severe is CVE-2019-17657?
CVE-2019-17657 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-17657?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortianalyzer, Fortinet Fortiap-S, Fortinet Fortiap-W2, Fortinet Fortimanager, Fortinet Fortiswitch.