CVEFinder.io

CVE-2023-26209

ℹ️ low
Summary

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.

CVSS Score: 3.7 (Low)
EPSS Score (Exploit Probability): 7.3
Published Date: 2023-03-09
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 4.0% of all 321,566 vulnerabilities in our database.

#308,694
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment (Updated: Oct 22, 2024)
🔍 Exploitation Status: None (No known exploits)
⚙️ Automatable: NO (Requires human interaction)
💥 Technical Impact: Partial (Limited system impact)
SSVC data provided by CISA
Last Modified: 2024-11-21
Source: NVD
CVSS Vector 3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-25690 🔶 medium 4.3 0.1 An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDec... 2026-05-12
CVE-2026-25689 🔶 medium 6.5 0.0 An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDec... 2026-03-10
CVE-2024-35280 🔶 medium 5.4 0.2 An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiDe... 2025-01-15
CVE-2024-45326 🔶 medium 4.3 0.1 An Improper Access Control vulnerability [CWE-284] vulnerability in Fortinet FortiDeceptor 6.0.0, FortiDeceptor 5.3 all... 2025-01-14
CVE-2022-27487 ⚠️ high 8.8 1.0 An improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2... 2023-04-11
CVE-2022-30305 ℹ️ low 3.7 0.2 An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1... 2022-12-06
These CVEs affect the same products