Fortinet Discovers Denial of Service Vulnerability


Fortinet's FortiGuard Labs has discovered a denial of service vulnerability in

Box is an enterprise content management platform that solves simple and complex challenges, from sharing and accessing files on mobile devices to sophisticated business processes like data governance and retention. More than 41 million users and 74,000 businesses including 59% of the Fortune 500 trust Box to manage content in the cloud.

The vulnerability exists in the Notes function. Because the "add image" function doesn't correctly process user-supplied data, an error is triggered and the targeted Note can no longer be accessed.

Solutions has patched it. No further action is needed.


Fortinet reported the vulnerability to on March 16, 2018. confirmed the vulnerability on March 18, 2018. patched the vulnerability on March 18, 2018.


This vulnerability was discovered by Zhouyuan Yang of Fortinet's FortiGuard Labs.

IPS Subscription

Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) service should be protected against this vulnerability with the appropriate configuration parameters in place. Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.