PSIRT Advisory

FortiOS DoS on webUI through 'params' JSON parameter

Summary

An authenticated user may pass a specially crafted payload to the 'params' parameter of the JSON web API (URLs with /json), which can cause the web user interface to become temporarily unresponsive.

Impact

Denial of Service (DoS)

Affected Products

FortiOS 5.4.0 to 5.4.5

Versions below 5.4.0 are not affected.

Solutions

Upgrade to FortiOS 5.4.6 or above.

Acknowledgement

Fortinet is pleased to thank Cody (https://code610.blogspot.com) for reporting this vulnerability under responsible disclosure.