Lucene search

FortinetCVE-2017-14182

HistoryOct 27, 2017 - 1:29 p.m.

CVE-2017-14182

2017-10-2713:29:00

CWE-20

fortinet

web.nvd.nist.gov

denial of service

dos

vulnerability

fortinet

fortios

nvd

security

json

api

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.004

Percentile

73.7%

JSON

A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the ‘params’ parameter of the JSON web API.

Affected configurations

Nvd

Node

fortinetfortiosMatch5.4.0

fortinetfortiosMatch5.4.1

fortinetfortiosMatch5.4.2

fortinetfortiosMatch5.4.3

fortinetfortiosMatch5.4.4

fortinetfortiosMatch5.4.5

VendorProductVersionCPE
fortinetfortios5.4.0cpe:2.3:o:fortinet:fortios:5.4.0:*:*:*:*:*:*:*
fortinetfortios5.4.1cpe:2.3:o:fortinet:fortios:5.4.1:*:*:*:*:*:*:*
fortinetfortios5.4.2cpe:2.3:o:fortinet:fortios:5.4.2:*:*:*:*:*:*:*
fortinetfortios5.4.3cpe:2.3:o:fortinet:fortios:5.4.3:*:*:*:*:*:*:*
fortinetfortios5.4.4cpe:2.3:o:fortinet:fortios:5.4.4:*:*:*:*:*:*:*
fortinetfortios5.4.5cpe:2.3:o:fortinet:fortios:5.4.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortios	5.4.0	cpe:2.3:o:fortinet:fortios:5.4.0:::::::*
fortinet	fortios	5.4.1	cpe:2.3:o:fortinet:fortios:5.4.1:::::::*
fortinet	fortios	5.4.2	cpe:2.3:o:fortinet:fortios:5.4.2:::::::*
fortinet	fortios	5.4.3	cpe:2.3:o:fortinet:fortios:5.4.3:::::::*
fortinet	fortios	5.4.4	cpe:2.3:o:fortinet:fortios:5.4.4:::::::*
fortinet	fortios	5.4.5	cpe:2.3:o:fortinet:fortios:5.4.5:::::::*

CNA Affected

[
  {
    "product": "Fortinet FortiOS",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiOS 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0"
      }
    ]
  }
]

References

code610.blogspot.com/2017/10/patch-your-fortinet-cve-2017-14182.html

www.securityfocus.com/bid/101559

www.securitytracker.com/id/1039678

fortiguard.com/psirt/FG-IR-17-206

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.004

Percentile

73.7%

JSON

Related for CVE-2017-14182