Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1458

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2015-1458
Last Modified 04 Feb 2015 12:48:49
Published 03 Feb 2015 11:59:30
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2015-1458

Summary

Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command.

Vulnerable Systems

Application

  • Fortinet Fortiauthenticator 3.0.0


References

XF - fortinetfortiauthenticator-shell-sec-bypass(100559)

BID - 72378

MISC - http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf

MISC - http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html


Last Updated: 27 May 2016 11:07:42