PT-2015-3364 · Fortinet · FortiOS

Published: 2015-10-15 · Updated: 2016-12-03 · CVE-2015-7361

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

FortiOS version 5.2.3

Description

The issue is related to errors in the authentication mechanism of FortiOS. When High Availability (HA) is configured and the dedicated management interface is enabled, FortiOS does not require authentication for access to the ZebOS shell on the HA dedicated management interface. This allows remote attackers to obtain shell access, potentially leading to unauthorized access.

Recommendations

For FortiOS version 5.2.3, consider disabling the dedicated management interface until a patch is available, to prevent unauthorized access to the ZebOS shell. Restrict access to the HA dedicated management interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2018-01293
CVE-2015-7361

Affected Products

FortiOS