CVE-2017-14191
First published: Tue Mar 20 2018(Updated: )
An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiWeb | >=5.6.0<6.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-14191?
The CVE-2017-14191 vulnerability is classified as having a medium severity due to its potential to allow attackers to bypass authentication mechanisms.
How do I fix CVE-2017-14191?
To fix CVE-2017-14191, upgrade Fortinet FortiWeb to version 6.1.0 or later.
What systems are affected by CVE-2017-14191?
CVE-2017-14191 affects Fortinet FortiWeb versions ranging from 5.6.0 up to, but not including, 6.1.0.
What type of vulnerability is CVE-2017-14191?
CVE-2017-14191 is an Improper Access Control vulnerability that allows cookie protection bypass.
Who can be impacted by CVE-2017-14191?
Organizations using affected versions of Fortinet FortiWeb could be compromised by attackers exploiting this vulnerability.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/severity
- agent/author
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/fortinet
- canonical/fortinet fortiweb
- version/fortinet fortiweb/5.6.0