FortiAnalyzer could potentially be used in NTP amplification attacks

Summary

An insufficient control of network message volume (CWE-406) vulnerability in FortiAnalyzer may allow an unauthenticated remote attacker to perform NTP amplification attacks (thereby causing reflected denial of service on arbitrary targets) by sending specially crafted mode 6 queries to the FortiAnalyzer built-in NTP server.
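
For monitoring an affected unit, the following added example (not part of the advisory and not Fortinet code) classifies captured UDP/123 payloads by NTP mode and reports peers whose mode 6 responses outweigh their mode 6 queries. It assumes the standard 12-byte NTP control message header; the function names, addresses and payload sizes are constructed for illustration.

```python
import struct
from collections import defaultdict

MODE_CONTROL = 6  # NTP control message (mode 6)

def parse_mode6(payload):
    """Return the mode 6 header fields, or None if this is not a mode 6 packet."""
    if len(payload) < 12 or payload[0] & 0x07 != MODE_CONTROL:
        return None
    flags, seq, _status, _assoc, offset, count = struct.unpack("!BHHHHH", payload[1:12])
    return {"response": bool(flags & 0x80), "more": bool(flags & 0x20),
            "opcode": flags & 0x1F, "sequence": seq, "offset": offset, "count": count}

def amplification_by_peer(packets, min_ratio=2.0):
    """packets: (peer_ip, direction, udp_payload), direction "in" = towards the
    NTP server, "out" = from it. Returns {peer_ip: bytes_out / bytes_in} for peers
    whose mode 6 responses outweigh their mode 6 queries by at least min_ratio.
    With a spoofed source address the peer is the victim of the reflection."""
    bytes_in, bytes_out = defaultdict(int), defaultdict(int)
    for peer, direction, payload in packets:
        hdr = parse_mode6(payload)
        if hdr is None:
            continue  # ordinary time sync (modes 3/4) is not counted
        if direction == "in" and not hdr["response"]:
            bytes_in[peer] += len(payload)
        elif direction == "out" and hdr["response"]:
            bytes_out[peer] += len(payload)
    ratios = {p: bytes_out[p] / n for p, n in bytes_in.items() if n}
    return {p: r for p, r in ratios.items() if r >= min_ratio}

def build_mode6(flags, seq, offset, data=b""):
    """Constructed test packet: version 2, mode 6 first byte (0x16) plus header."""
    return struct.pack("!BBHHHHH", 0x16, flags, seq, 0, 0, offset, len(data)) + data

# Constructed sample traffic (documentation addresses, made-up payload sizes).
SAMPLE = [
    ("198.51.100.7", "in", build_mode6(0x02, 1, 0)),                 # read-variables query
    ("198.51.100.7", "out", build_mode6(0xA2, 1, 0, b"x" * 468)),    # response, more bit set
    ("198.51.100.7", "out", build_mode6(0x82, 1, 468, b"x" * 200)),  # final fragment
    ("192.0.2.10", "in", bytes([0x23]) + bytes(47)),                 # mode 3 client request
    ("192.0.2.10", "out", bytes([0x24]) + bytes(47)),                # mode 4 server reply
]

if __name__ == "__main__":
    for peer, ratio in amplification_by_peer(SAMPLE).items():
        print(f"{peer}: mode 6 responses are {ratio:.1f}x the query bytes")
```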

Affected Products

FortiAnalyzer 6.4.0, 6.2.3 and below (*)
(*) Only models that support FortiRecorder management are impacted:
FAZ_200F
FAZ_300F
FAZ_400E
FAZ_800F
FAZ_1000E
FAZ_1000F
FAZ_2000E
FAZ_3000F
FAZ_3500G
FAZ_3700F
FAZ_VM64
FAZ_VM64_KVM

Solutions

Upgrade to FortiAnalyzer 6.2.4 or 6.4.1.