CVE-2022-41333

HIGH

FortiRecorder <6.4.3 - DoS

Title source: llm

Description

An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests.

Exploits (2)

exploitdb WORKING POC

by Mohammed Adel · pythondoshardware

https://www.exploit-db.com/exploits/51326

View Code ZIP pw:eip

nomisec WORKING POC

by polar0x · poc

https://github.com/polar0x/CVE-2022-41333

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/171766/FortiRecorder-6.4.3-Denial-Of-Service.html

[Vendor Advisory] https://fortiguard.com/psirt/FG-IR-22-388

Scores

CVSS v3 7.5

EPSS 0.2998

EPSS Percentile 96.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-400

Status published

Products (1)

fortinet/fortirecorder_firmware 6.0.0 - 6.0.11

Published Mar 07, 2023

Tracked Since Feb 18, 2026