CVE-2015-1458

Name of the Vulnerable Software and Affected Versions Fortinet FortiAuthenticator version 3.0.0

Description The issue allows local users to bypass intended restrictions and gain privileges. This is achieved by creating a specific file, /tmp/privexec/dbgcore enable shell access, and then executing the shell command.

Recommendations For Fortinet FortiAuthenticator version 3.0.0, consider restricting access to the shell command and removing the ability to create the /tmp/privexec/dbgcore enable shell access file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.