CVE-2014-3115

medium

Published 2014-05-08 · Modified 2026-05-06

CVSS v3

—

CVSS v2

6.8

VIR risk

6.8

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.fortiguard.com/advisory/FG-IR-14-013/

Application impact

Vendor	Product	Versions
fortinet	fortiweb	`{"endIncluding":"5.1.4"}`
fortinet	fortiweb	`5.1.0`
fortinet	fortiweb	`5.1.1`
fortinet	fortiweb	`5.1.2`
fortinet	fortiweb	`5.1.3`

References

http://seclists.org/fulldisclosure/2014/May/30
http://www.fortiguard.com/advisory/FG-IR-14-013/
http://www.kb.cert.org/vuls/id/902790
http://www.securitytracker.com/id/1030200
http://seclists.org/fulldisclosure/2014/May/30
http://www.fortiguard.com/advisory/FG-IR-14-013/
http://www.kb.cert.org/vuls/id/902790
http://www.securitytracker.com/id/1030200

CWEs

CWE-352

Verify integrity in audit chain (admin only). AS-IS.