PT-2017-3354 · Fortinet · Fortiwebmanager

Published 2017-11-22 · Updated 2019-10-03 · CVE-2017-14189

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FortiWebManager version 5.8.0

Description

The issue is improper access control in the admin webUI, which allows unauthorized access to the system using the admin account, regardless of the password provided. It can be exploited by a remote attacker with access to the web interface, potentially leading to unauthorized system access.

Recommendations

For FortiWebManager version 5.8.0, consider restricting access to the admin webUI until a fix is available. As a temporary workaround, limit the use of the admin account to minimize the risk of exploitation.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2018-00125
CVE-2017-14189

Affected Products

Fortiwebmanager