All the vulnerabilites related to Fortinet, Inc. - FortiWeb
cve-2017-14191
Vulnerability from cvelistv5
Published
2018-03-20 13:00
Modified
2024-09-16 19:00
Severity
Summary
An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/103430 | vdb-entry, x_refsource_BID |
| https://fortiguard.com/advisory/FG-IR-17-279 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product |
|---|---|
| Fortinet, Inc. | FortiWeb |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:40.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103430",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103430"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-17-279"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FortiWeb",
"vendor": "Fortinet, Inc.",
"versions": [
{
"status": "affected",
"version": "5.6.0 and above"
}
]
}
],
"datePublic": "2018-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under \"Signed Security Mode\", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-09T15:21:25",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "103430",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103430"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-17-279"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"DATE_PUBLIC": "2018-03-06T00:00:00",
"ID": "CVE-2017-14191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FortiWeb",
"version": {
"version_data": [
{
"version_value": "5.6.0 and above"
}
]
}
}
]
},
"vendor_name": "Fortinet, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under \"Signed Security Mode\", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103430",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103430"
},
{
"name": "https://fortiguard.com/advisory/FG-IR-17-279",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-17-279"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2017-14191",
"datePublished": "2018-03-20T13:00:00Z",
"dateReserved": "2017-09-07T00:00:00",
"dateUpdated": "2024-09-16T19:00:31.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}