{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T18:38:01.531","vulnerabilities":[{"cve":{"id":"CVE-2017-14191","sourceIdentifier":"psirt@fortinet.com","published":"2018-03-20T13:29:00.247","lastModified":"2024-11-21T03:12:19.823","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under \"Signed Security Mode\", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie."},{"lang":"es","value":"Una vulnerabilidad de control de acceso inadecuado en Fortinet FortiWeb versión 5.6.0 hasta 6.1.0 en \"Signed Security Mode\", permite al atacante omitir la protección de la cookie de usuario firmada eliminando la propia cookie de sesión de protección de FortiWeb."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.0","versionEndExcluding":"6.1.0","matchCriteriaId":"8852A454-A129-447C-9B2E-6E16184EFA22"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/103430","source":"psirt@fortinet.com","tags":["Mitigation","Third Party Advisory","VDB Entry"]},{"url":"https://fortiguard.com/advisory/FG-IR-17-279","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/103430","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","VDB Entry"]},{"url":"https://fortiguard.com/advisory/FG-IR-17-279","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}