exploitDog

CVE-2017-14191

Опубликовано: 20 мар. 2018

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie.

Ссылки

http://www.securityfocus.com/bid/103430
Mitigation
Third Party Advisory
VDB Entry
https://fortiguard.com/advisory/FG-IR-17-279
Vendor Advisory
http://www.securityfocus.com/bid/103430
Mitigation
Third Party Advisory
VDB Entry
https://fortiguard.com/advisory/FG-IR-17-279
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*

Версия от 5.6.0 (включая) до 6.1.0 (исключая)

EPSS

Процентиль: 44%

0.00218

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-5xg4-jxh8-j4g8

CVSS3: 5.9

github

больше 3 лет назад

An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie.

EPSS

Процентиль: 44%

0.00218

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo