CVE-2014-3115

Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors.

Published: May 8, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-3115
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
fortinet / fortiweb	5.1.0	5.1.0.x
fortinet / fortiweb	5.1.2	5.1.2.x
fortinet / fortiweb	5.1.3	5.1.3.x
fortinet / fortiweb	5.1.1	5.1.1.x
fortinet / fortiweb	-	5.1.4.x

http://seclists.org/fulldisclosure/2014/May/30
http://www.fortiguard.com/advisory/FG-IR-14-013/
http://www.kb.cert.org/vuls/id/902790
http://www.securitytracker.com/id/1030200

Vulnerability Database

289,784

CVE-2014-3115