CVE-2017-14191Fortinet Fortiweb vulnerability

4 documents4 sources
Severity
5.9MEDIUMNVD
EPSS
0.2%
top 55.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortiwebFortinet INC Fortiweb
Timeline
PublishedMar 20
Latest updateMay 13

Description

An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

NVDfortinet/fortiweb5.6.06.1.0
CVEListV5fortinet_inc/fortiweb5.6.0 and above

🔴Vulnerability Details

2
GHSA
GHSA-5xg4-jxh8-j4g8: An Improper Access Control vulnerability in Fortinet FortiWeb 52022-05-13
CVEList
CVE-2017-14191: An Improper Access Control vulnerability in Fortinet FortiWeb 52018-03-20

📋Vendor Advisories

1
Fortinet
An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security...2018-03-20
CVE-2017-14191 — Fortinet Fortiweb vulnerability | cvebase