CVE-2014-3115

medium Fortinet
CVSS v3 Base Score
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS Score
0.2%
Exploitation probability in 30 days
Top 56% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P
Published: May 8, 2014 (4388 days ago)
Last Modified: May 6, 2026
Vendor: Fortinet
Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors.

CWE

CWE-352

Affected Products

fortinet fortiweb

References

🔗 seclists.org 🔗 www.fortiguard.com 🔗 www.kb.cert.org 🔗 www.securitytracker.com 🔗 seclists.org