CVE-2015-7361

Sažetak

FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via unspecified vectors.

Reference

http://fortiguard.com/advisory/zebos-routing-remote-shell-service-enabled
http://www.fortiguard.com/advisory/zebos-routing-remote-shell-service-enabled
http://www.securitytracker.com/id/1033093

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

03-12-2016 - 03:12

Objavljeno

15-10-2015 - 20:59