CVE-2017-14191

Published: Mar 20, 2018Modified: Nov 21, 2024

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie.

Affected (1)

Products: Fortinet: Fortiweb

Fortinet

1 product

Fortiweb

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiweb	From 5.6.0 to 6.1.0

References (4)

http://www.securityfocus.com/bid/103430

Source: psirt@fortinet.com

MitigationThird Party AdvisoryVDB Entry

https://fortiguard.com/advisory/FG-IR-17-279

Source: psirt@fortinet.com

Vendor Advisory

http://www.securityfocus.com/bid/103430

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryVDB Entry

https://fortiguard.com/advisory/FG-IR-17-279

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.