Node.js crash over administrative interface

Summary

An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS version 7.4.1 may allow an unauthenticated attacker to perform a temporary denial of service attack on the administrative interface via crafted HTTP requests.

Version Affected Solution
FortiOS 7.4 7.4.1 Upgrade to 7.4.2 or above
Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool

Acknowledgement

Internally discovered and reported by Theo Leleu of Fortinet Product Security team.

Timeline

2024-05-14: Initial publication