CVE-2017-14191

An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie.

Published: Mar 20, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-14191
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
fortinet / fortiweb	5.6.0	6.1.0

http://www.securityfocus.com/bid/103430
https://fortiguard.com/advisory/FG-IR-17-279

Vulnerability Database

289,784

CVE-2017-14191