CVE-2019-17657 - Vulnerability Details - OpenCVE

An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Fortinet	Fortianalyzer Fortiap-s Fortiap-w2 Fortimanager Fortiswitch

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:fortianalyzer::::::::
	cpe:2.3:a:fortinet:fortiap-s::::::::
	cpe:2.3:a:fortinet:fortiap-w2::::::::
	cpe:2.3:a:fortinet:fortimanager::::::::
	cpe:2.3:o:fortinet:fortiswitch::::::::
	cpe:2.3:o:fortinet:fortiswitch::::::::
	cpe:2.3:o:fortinet:fortiswitch::::::::

No data.

References

Link	Providers
https://fortiguard.com/psirt/FG-IR-19-013

History

Fri, 25 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2020-04-07T17:11:07

Updated: 2024-10-25T14:25:34.274Z

Reserved: 2019-10-16T00:00:00

Link: CVE-2019-17657

Vulnrichment

Updated: 2024-08-05T01:47:13.496Z

NVD

Status : Modified

Published: 2020-04-07T18:15:13.510

Modified: 2024-11-21T04:32:43.063

Link: CVE-2019-17657

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Fortinet FortiSwitch", "vendor": "n/a", "versions": [{"status": "affected", "version": "below 3.6.11"}, {"status": "affected", "version": "6.0.6 and 6.2.2"}]}, {"product": "FortiAnalyzer", "vendor": "n/a", "versions": [{"status": "affected", "version": "below 6.2.3"}]}, {"product": "FortiManager", "vendor": "n/a", "versions": [{"status": "affected", "version": "below 6.2.3"}]}, {"product": "FortiAP-S/W2", "vendor": "n/a", "versions": [{"status": "affected", "version": "below 6.2.2"}]}], "datePublic": "2020-02-03T00:00:00", "descriptions": [{"lang": "en", "value": "An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks."}], "problemTypes": [{"descriptions": [{"description": "Denial of service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-07T17:11:07", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://fortiguard.com/psirt/FG-IR-19-013"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2019-17657", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Fortinet FortiSwitch", "version": {"version_data": [{"version_value": "below 3.6.11"}, {"version_value": "6.0.6 and 6.2.2"}]}}, {"product_name": "FortiAnalyzer", "version": {"version_data": [{"version_value": "below 6.2.3"}]}}, {"product_name": "FortiManager", "version": {"version_data": [{"version_value": "below 6.2.3"}]}}, {"product_name": "FortiAP-S/W2", "version": {"version_data": [{"version_value": "below 6.2.2"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of service"}]}]}, "references": {"reference_data": [{"name": "https://fortiguard.com/psirt/FG-IR-19-013", "refsource": "CONFIRM", "url": "https://fortiguard.com/psirt/FG-IR-19-013"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:47:13.496Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://fortiguard.com/psirt/FG-IR-19-013"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-24T20:09:50.087531Z", "id": "CVE-2019-17657", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T14:25:34.274Z"}}]}, "cveMetadata": {"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2019-17657", "datePublished": "2020-04-07T17:11:07", "dateReserved": "2019-10-16T00:00:00", "dateUpdated": "2024-10-25T14:25:34.274Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-19-013", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:47:13.496Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-17657", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-24T20:09:50.087531Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T14:17:10.712Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "Fortinet FortiSwitch", "versions": [{"status": "affected", "version": "below 3.6.11"}, {"status": "affected", "version": "6.0.6 and 6.2.2"}]}, {"vendor": "n/a", "product": "FortiAnalyzer", "versions": [{"status": "affected", "version": "below 6.2.3"}]}, {"vendor": "n/a", "product": "FortiManager", "versions": [{"status": "affected", "version": "below 6.2.3"}]}, {"vendor": "n/a", "product": "FortiAP-S/W2", "versions": [{"status": "affected", "version": "below 6.2.2"}]}], "datePublic": "2020-02-03T00:00:00", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-19-013", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Denial of service"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2020-04-07T17:11:07"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "below 3.6.11"}, {"version_value": "6.0.6 and 6.2.2"}]}, "product_name": "Fortinet FortiSwitch"}, {"version": {"version_data": [{"version_value": "below 6.2.3"}]}, "product_name": "FortiAnalyzer"}, {"version": {"version_data": [{"version_value": "below 6.2.3"}]}, "product_name": "FortiManager"}, {"version": {"version_data": [{"version_value": "below 6.2.2"}]}, "product_name": "FortiAP-S/W2"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://fortiguard.com/psirt/FG-IR-19-013", "name": "https://fortiguard.com/psirt/FG-IR-19-013", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of service"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-17657", "STATE": "PUBLIC", "ASSIGNER": "psirt@fortinet.com"}}}}, "cveMetadata": {"cveId": "CVE-2019-17657", "state": "PUBLISHED", "dateUpdated": "2024-10-25T14:25:34.274Z", "dateReserved": "2019-10-16T00:00:00", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2020-04-07T17:11:07", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBC118F5-8118-4767-A9FB-CCFBB2DFF3F9", "versionEndExcluding": "6.2.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiap-s:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E6E6044-AADA-4674-B9DD-7D39D459BAAA", "versionEndExcluding": "6.2.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3BBB116-CC43-4E5D-AAA7-BFBE1BD26886", "versionEndExcluding": "6.2.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB9669E6-96CA-4391-8515-2ACB349CF4C2", "versionEndExcluding": "6.2.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "05F67FC3-A4F2-48E1-BB1F-36D993958DF5", "versionEndExcluding": "3.6.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "826D813D-CC19-4B72-918E-AFCFA1C0A30E", "versionEndExcluding": "6.0.6", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D4A4EE4-D0A7-44A9-931B-577ECDAB808B", "versionEndExcluding": "6.2.2", "versionStartIncluding": "6.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks."}, {"lang": "es", "value": "Una vulnerabilidad de Consumo No Controlado de Recursos en Fortinet FortiSwitch por debajo de las versiones 3.6.11, 6.0.6 y 6.2.2, FortiAnalyzer por debajo de las versiones 6.2.3, FortiManager por debajo de las funciones 6.2.3 y FortiAP-S/W2 por debajo de las versiones 6.2.2, puede permitir a un atacante causar una denegaci\u00f3n de servicio (DoS) de la Interfaz de Usuario Web Administrativa mediante el manejo de peticiones y respuestas HTTP especialmente dise\u00f1adas en partes lentamente, como es demostrado por los Ataques de DoS de HTTP Lento."}], "id": "CVE-2019-17657", "lastModified": "2024-11-21T04:32:43.063", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-07T18:15:13.510", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-19-013"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-19-013"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}