CVE-2017-14182

Name of the Vulnerable Software and Affected Versions FortiOS versions 5.4.0 through 5.4.5

Description The issue is caused by insufficient input validation in the FortiOS operating system. An attacker can exploit this by sending a specially crafted string to the params parameter of the JSON web API, which can be accessed via URLs with /json, causing the web interface to become temporarily unresponsive. This can be done by an authenticated user, allowing for a denial of service.

Recommendations For FortiOS versions 5.4.0 through 5.4.5, consider restricting access to the JSON web API or disabling the params parameter until a patch is available. As a temporary workaround, avoid using the params parameter in the affected API endpoint to minimize the risk of exploitation.