Improper input validation in FortiOS - CVE-2017-14182
Published: October 30, 2017
Vulnerability identifier: #VU8977
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-14182
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Fortinet, Inc
Affected software: FortiOS
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to cause a denial-of-service (DoS) condition on the target system.
The weakness exists in the web user interface of Fortinet FortiOS due to improper processing of user-supplied input. A remote attacker can pass a specially crafted payload to the 'params' parameter of the JSON web API (URLs with /json) and cause the web interface to become temporarily unavailable.
Successful exploitation of the vulnerability results in denial of service.
How to mitigate CVE-2017-14182
Update to version 5.4.6 or later.