#VU8977 Improper input validation in FortiOS - CVE-2017-14182
Published: October 30, 2017
Vulnerability identifier: #VU8977
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-14182
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: FortiOS
Software vendor: Fortinet, Inc
Description
The vulnerability allows a remote authenticated attacker to cause a denial-of-service (DoS) condition on the target system.
The weakness exists in the web user interface of Fortinet FortiOS due to improper processing of user-supplied input. A remote attacker can pass a specially crafted payload to the 'params' parameter of the JSON web API (URLs with /json) and cause the web interface to become temporarily unavailable.
Successful exploitation of the vulnerability results in denial of service.
Remediation
Update to version 5.4.6 or later.