Vulnerabilities > CVE-2017-14191 - Unspecified vulnerability in Fortinet Fortiweb

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

high complexity

fortinet

NVD

Published: 2018-03-20

Updated: 2019-10-03

Summary

An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie.

Vulnerable Configurations

Part	Description	Count
Application	Fortinet Fortinet Fortiweb 5.6.0 Fortinet Fortiweb 5.6.1 Fortinet Fortiweb 5.7.0 Fortinet Fortiweb 5.7.1 Fortinet Fortiweb 5.7.2 Fortinet Fortiweb 5.8.0 Fortinet Fortiweb 5.8.1 Fortinet Fortiweb 5.8.2 Fortinet Fortiweb 5.8.3 Fortinet Fortiweb 5.8.4 Fortinet Fortiweb 5.8.5 Fortinet Fortiweb 5.8.6 Fortinet Fortiweb 5.9.0 Fortinet Fortiweb 5.9.1 Fortinet Fortiweb 5.9.2 Fortinet Fortiweb 6.0.0 Fortinet Fortiweb 6.0.1 Fortinet Fortiweb 6.0.2 Fortinet Fortiweb 6.0.3 Fortinet Fortiweb 6.0.4 Fortinet Fortiweb 6.0.5 Fortinet Fortiweb 6.0.6 Fortinet Fortiweb 6.0.7 Fortinet Fortiweb 6.0.8	24

Summary

Vulnerable Configurations

References