FortiOS DoS on webUI through 'params' JSON parameter
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-17-206
Final
1
1
2017-10-24T00:00:00
Current version
2017-10-24T00:00:00
2017-10-24T00:00:00
An authenticated user may pass a specially crafted payload to the 'params' parameter of the JSON web API (URLs with /json) , which can cause the web user interface to be temporarily unresponsive.
Denial of Service (DoS)
FortiOS 5.4.0 to 5.4.5 Versions below 5.4.0 are not affected.
Upgrade to FortiOS 5.4.6 or above.
Fortinet is pleased to thank Cody ( https://code610.blogspot.com ) for reporting this vulnerability under responsible disclosure
FortiOS 5.4.5
FortiOS 5.4.4
FortiOS 5.4.3
FortiOS 5.4.2
FortiOS 5.4.1
FortiOS 5.4.0
FortiOS DoS on webUI through 'params' JSON parameter
CVE-2017-14182
FortiOS-5.4.5
FortiOS-5.4.4
FortiOS-5.4.3
FortiOS-5.4.2
FortiOS-5.4.1
FortiOS-5.4.0
0
https://fortiguard.fortinet.com/psirt/FG-IR-17-206
FortiOS DoS on webUI through 'params' JSON parameter
Reference>