PT-2018-5626 · Fortinet · Fortiweb
Published
2018-03-20
·
Updated
2019-10-03
·
CVE-2017-14191
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
Fortinet FortiWeb versions 5.6.0 through 6.0.x
Description:
The issue is related to an Improper Access Control vulnerability. It allows an attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie when the product is under "Signed Security Mode".
Recommendations:
For Fortinet FortiWeb versions 5.6.0 through 6.0.x, update to version 6.1.0 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Fortiweb