Lucene search

[email protected]NVD:CVE-2015-7361

HistoryOct 15, 2015 - 8:59 p.m.

CVE-2015-7361

2015-10-1520:59:01

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.007

Percentile

80.6%

JSON

FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via unspecified vectors.

Affected configurations

Nvd

Node

fortinetfortiosMatch5.2.3

VendorProductVersionCPE
fortinetfortios5.2.3cpe:2.3:o:fortinet:fortios:5.2.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortios	5.2.3	cpe:2.3:o:fortinet:fortios:5.2.3:::::::*

References

fortiguard.com/advisory/zebos-routing-remote-shell-service-enabled

www.fortiguard.com/advisory/zebos-routing-remote-shell-service-enabled

www.securitytracker.com/id/1033093

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.007

Percentile

80.6%

JSON

Related for NVD:CVE-2015-7361

fortinet1 cve1 cvelist1 prion1 openvas1