
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN359
_____________________________________________________________________

DATE                : 24/06/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running FortiAnalyzer versions prior to
                     6.2.4 and 6.4.1.

=====================================================================
https://fortiguard.com/psirt/FG-IR-20-036
_____________________________________________________________________


FortiAnalyzer could potentially be used in NTP amplification attacks


Summary

An insufficient control of network message volume (CWE-406)
vulnerability in FortiAnalyzer may allow an unauthenticated remote
attacker to perform NTP amplification attacks (thereby causing a
reflected denial of service against arbitrary targets) by sending
specially crafted mode 6 queries to the FortiAnalyzer built-in NTP
server.
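Added example (not part of the CERT-Renater advisory or of Fortinet's material): a small Python checker that picks NTP mode 6 control messages out of captured UDP/123 traffic, flags queries arriving from outside the trusted management networks, and measures how many bytes the server returned per byte it received, i.e. the amplification factor the advisory warns about. The packet tuples, addresses and the 456-byte reply body are constructed samples, not a real capture.

```python
import ipaddress
import struct

NTP_PORT = 123
MODE_CONTROL = 6  # NTP mode 6 = control messages (the ntpq protocol)

def ntp_mode(payload: bytes) -> int:
    """Mode is the low 3 bits of the first header byte (LI:2 VN:3 Mode:3)."""
    return payload[0] & 0x07 if payload else -1

def parse_control_header(payload: bytes) -> dict:
    """Parse the 12-byte NTP control-message header (RFC 1305 appendix B)."""
    if len(payload) < 12 or ntp_mode(payload) != MODE_CONTROL:
        raise ValueError("not an NTP mode 6 control message")
    first, rem, seq, _st, _assoc, _off, count = struct.unpack("!BBHHHHH", payload[:12])
    return {"version": (first >> 3) & 0x07, "is_response": bool(rem & 0x80),
            "opcode": rem & 0x1F, "sequence": seq, "count": count}

def audit_ntp_traffic(packets, trusted_nets):
    """packets: (src_ip, dst_ip, sport, dport, udp_payload) tuples.
    Returns (findings, ratios): mode 6 queries from outside trusted_nets, and per
    client the bytes the server sent back per byte received (amplification)."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    findings, requests, answered = [], {}, {}
    for src, dst, sport, dport, payload in packets:
        if len(payload) < 12 or ntp_mode(payload) != MODE_CONTROL:
            continue  # ordinary time sync (modes 3/4) is not the issue here
        msg = parse_control_header(payload)
        if dport == NTP_PORT and not msg["is_response"]:
            requests[(src, msg["sequence"])] = len(payload)
            if not any(ipaddress.ip_address(src) in n for n in nets):
                findings.append(f"mode 6 query from untrusted {src} (opcode {msg['opcode']})")
        elif sport == NTP_PORT and msg["is_response"]:  # replies may arrive in fragments
            key = (dst, msg["sequence"])
            answered[key] = answered.get(key, 0) + len(payload)
    ratios = {k[0]: answered[k] / requests[k] for k in answered if k in requests}
    return findings, ratios

# Constructed sample traffic (not a real capture): a normal mode 3 client poll,
# then a mode 6 query from an untrusted host and the server's 468-byte answer.
SERVER, CLIENT = "192.0.2.10", "198.51.100.7"
MODE3_POLL = bytes([0x23]) + bytes(47)                            # LI=0 VN=4 mode=3
MODE6_QUERY = struct.pack("!BBHHHHH", 0x16, 0x02, 1, 0, 0, 0, 0)  # 12-byte header only
MODE6_REPLY = struct.pack("!BBHHHHH", 0x16, 0x82, 1, 0, 0, 0, 456) + b"x" * 456
SAMPLE = [
    (CLIENT, SERVER, 40000, NTP_PORT, MODE3_POLL),
    (CLIENT, SERVER, 40001, NTP_PORT, MODE6_QUERY),
    (SERVER, CLIENT, NTP_PORT, 40001, MODE6_REPLY),
]
```

On the constructed sample the checker reports one untrusted mode 6 query and a ratio of 39.0 (468 bytes returned for a 12-byte request); a ratio well above 1 for traffic leaving towards the internet is the signal to block or rate-limit mode 6 on the appliance and at the perimeter.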


Impact

DoS, NTP amplification attacks


Affected Products

FortiAnalyzer 6.4.0, 6.2.3 and below (*)


* only models that support FortiRecorder management are impacted:


FAZ_200F
FAZ_300F
FAZ_400E
FAZ_800F
FAZ_1000E
FAZ_1000F
FAZ_2000E
FAZ_3000F
FAZ_3500G
FAZ_3700F
FAZ_VM64
FAZ_VM64_KVM


Solutions

Upgrade to FortiAnalyzer 6.2.4 or 6.4.1

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================