PT-2015-3364 · Fortinet · FortiOS

Published: 2015-10-15 · Updated: 2016-12-03 · CVE-2015-7361

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

FortiOS version 5.2.3

Description

The issue is related to errors in the authentication mechanism of FortiOS. When configured to use High Availability (HA) and the dedicated management interface is enabled, it does not require authentication for access to the ZebOS shell on the HA dedicated management interface. This allows remote attackers to obtain shell access, potentially leading to unauthorized access.

Recommendations

For FortiOS version 5.2.3, consider disabling the dedicated management interface until a patch is available to prevent unauthorized access to the ZebOS shell. Restrict access to the HA dedicated management interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2018-01293
CVE-2015-7361

Affected Products

FortiOS