FortiAnalyzer could potentially be used in NTP amplification attacks
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-20-036
Final
1
1
2020-06-22T00:00:00
Current version
2020-06-22T00:00:00
2020-06-22T00:00:00
An insufficient control of network message volume (CWE-406) vulnerability in FortiAnalyzer may allow an unauthenticated remote attacker to perform NTP amplification attacks (thereby causing reflected denial of service on arbitrary targets) by sending specially crafted mode 6 queries to the FortiAnalyzer built-in NTP server.
DoS, NTP amplification attacks
FortiAnalyzer 6.4.0, 6.2.3 and below (*)
(*) Only models that support FortiRecorder management are impacted: FAZ_200F, FAZ_300F, FAZ_400E, FAZ_800F, FAZ_1000E, FAZ_1000F, FAZ_2000E, FAZ_3000F, FAZ_3500G, FAZ_3700F, FAZ_VM64, FAZ_VM64_KVM
Upgrade to FortiAnalyzer 6.2.4 or 6.4.1
FortiRecorder 6.0.1
FortiRecorder 6.0.0
FortiRecorder 2.7.7
FortiAnalyzer 6.4.0
FortiAnalyzer 6.2.3
CVE-2013-5211
FortiRecorder-6.0.1
FortiRecorder-6.0.0
FortiRecorder-2.7.7
FortiAnalyzer-6.4.0
FortiAnalyzer-6.2.3
5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-20-036