FortiOS DoS on webUI through 'params' JSON parameter
Summary
An authenticated user may pass a specially crafted payload to the 'params' parameter of the JSON web API (URLs with /json), which can cause the web user interface to be temporarily unresponsive.
Affected Products
FortiOS 5.4.0 to 5.4.5
Versions below 5.4.0 are not affected.
Solutions
Upgrade to FortiOS 5.4.6 or above.
Acknowledgement
Fortinet is pleased to thank Cody (https://code610.blogspot.com) for reporting this vulnerability under responsible disclosure.