CVE-2023-37934
PUBLISHED
CVSS 4.2 MEDIUM
An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack by sending crafted HTTP or HTTPS requests at a high frequency.
EPSS 0.14% · 34.3th percentile
Risk Scores
CVSS v3.1
4.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:F/RL:X/RC:C
EPSS Score
0.14%
34.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiPAM | 1.0.0 |
Timeline
- Jan 10, 2024 CVE Published
- Jan 10, 2024 PoC Published
- Jan 17, 2024 EPSS Score
- Feb 14, 2024 EPSS Score
- Mar 13, 2024 EPSS Score
- Apr 10, 2024 EPSS Score
- May 8, 2024 EPSS Score
- Jun 5, 2024 EPSS Score
- Jul 3, 2024 EPSS Score
- Jul 31, 2024 EPSS Score
- Aug 28, 2024 EPSS Score
References
- https://www.fortiguard.com/psirt/FG-IR-23-490 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-395 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-219 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-408 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-315 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-226 advisory
- https://fortiguard.com/psirt/FG-IR-23-226 url
- https://nvd.nist.gov/vuln/detail/CVE-2023-37934 advisory