PT-2017-6680 · Fortinet · Fortimanager

Published

2017-08-11

Updated

2017-08-26

CVE-2015-3616

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Fortinet FortiManager versions 5.0.x through 5.0.10 Fortinet FortiManager versions 5.2.x through 5.2.1

Description A SQL injection issue allows remote attackers to execute arbitrary commands via unspecified parameters.

Recommendations For Fortinet FortiManager versions 5.0.x through 5.0.10, update to version 5.0.11 or later. For Fortinet FortiManager versions 5.2.x through 5.2.1, update to version 5.2.2 or later.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2015-3616

Affected Products

Fortimanager

PT-2017-6680 · Fortinet · Fortimanager

CVE-2015-3616

Weakness Enumeration

Related Identifiers

Affected Products

References · 4