Improper Authentication in FortiOS - CVE-2015-7361

 


Published: October 15, 2015 / Updated: August 9, 2020


Vulnerability identifier: #VU40639
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2015-7361
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Fortinet, Inc
Affected software:
FortiOS

Detailed vulnerability description

The vulnerability allows a remote unauthenticated attacker to execute arbitrary code.

FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via unspecified vectors.


How to mitigate CVE-2015-7361

Install the update from the vendor's website.
