Lucene search

MitreCVE-2015-2281

HistoryMar 19, 2015 - 2:59 p.m.

CVE-2015-2281

2015-03-1914:59:00

CWE-119

mitre

web.nvd.nist.gov

cve-2015-2281

buffer overflow

collectoragent.exe

fortinet

fsso

remote code execution

tcp port 8000

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.911

Percentile

98.9%

JSON

Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message Dispatcher on TCP port 8000.

Affected configurations

Nvd

Node

fortinetsingle_sign_onMatch4.3

VendorProductVersionCPE
fortinetsingle_sign_on4.3cpe:2.3:a:fortinet:single_sign_on:4.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	single_sign_on	4.3	cpe:2.3:a:fortinet:single_sign_on:4.3:::::::*

References

seclists.org/fulldisclosure/2015/Mar/111

www.coresecurity.com/advisories/fortinet-single-sign-on-stack-overflow

www.fortiguard.com/advisory/2015-02-27-fsso-stack-based-buffer-overflow

www.fortiguard.com/advisory/FG-IR-15-006/

www.osvdb.org/119719

www.securityfocus.com/archive/1/534918/100/0/threaded

www.securityfocus.com/bid/73206

www.exploit-db.com/exploits/36422/

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.911

Percentile

98.9%

JSON

Related for CVE-2015-2281