Fortinet Discloses DoS Vulnerability in FortiAnalyzer and FortiManager API
Fortinet has disclosed a denial-of-service vulnerability in the API of FortiAnalyzer and FortiManager that allows an authenticated attacker to cause a system hang via specially crafted HTTP requests.
Fortinet has disclosed a denial-of-service vulnerability (CWE-676) in the API of FortiAnalyzer and FortiManager, tracked as FG-IR-26-137. The flaw, which carries a CVSSv3 score of 5.2, allows an authenticated attacker to trigger a system hang by sending multiple specially crafted HTTP requests that cause crashes when internal locks align. The issue was internally discovered and reported by Loic Pantano of Fortinet PSIRT.
The vulnerability stems from the use of a potentially dangerous function in the API, classified under CWE-676. An attacker with valid credentials can exploit this by sending a series of malicious HTTP requests that, when internal locks happen to align, cause the system to crash and hang. Fortinet notes that the alignment of locks is out of the attacker's control, making exploitation somewhat probabilistic but still feasible.
Affected products include FortiAnalyzer versions 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, and all versions of 7.2. Similarly, FortiManager versions 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, and all versions of 7.2 are impacted. FortiAnalyzer and FortiManager 8.0 are not affected. Fortinet has released patches for the affected versions: upgrading to FortiAnalyzer 7.6.5 or above, 7.4.9 or above, or migrating from 7.2 to a fixed release resolves the issue. The same upgrade paths apply to FortiManager.
FortiAnalyzer and FortiManager are widely deployed in enterprise and service provider environments for centralized log management, analytics, and device management of Fortinet security appliances. A denial-of-service condition on these systems could disrupt security monitoring and management operations, potentially leaving networks blind to threats during the outage. While the CVSS score is moderate, the impact on operational continuity could be significant for organizations relying on these platforms.
Fortinet has not reported any active exploitation of this vulnerability in the wild, but the disclosure includes a full advisory with mitigation steps. Administrators are urged to apply the available patches as soon as possible, especially in environments where these systems are exposed to internal networks with many authenticated users. The vulnerability highlights the ongoing challenge of ensuring safe signal handling in network management software, where race conditions can lead to instability.
This disclosure follows a pattern of vulnerabilities in enterprise management platforms that, while not always critical, can cause significant disruption. Fortinet's proactive internal discovery and responsible disclosure process demonstrates a commitment to security, but the incident serves as a reminder for organizations to keep their management infrastructure patched and to monitor for unusual API activity that could indicate exploitation attempts.