CVE-2015-7361

{"id": "CVE-2015-7361", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-10-15T20:59:01.833", "references": [{"url": "http://fortiguard.com/advisory/zebos-routing-remote-shell-service-enabled", "source": "cve@mitre.org"}, {"url": "http://www.fortiguard.com/advisory/zebos-routing-remote-shell-service-enabled", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1033093", "source": "cve@mitre.org"}, {"url": "http://fortiguard.com/advisory/zebos-routing-remote-shell-service-enabled", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.fortiguard.com/advisory/zebos-routing-remote-shell-service-enabled", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1033093", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via unspecified vectors."}, {"lang": "es", "value": "FortiOS 5.2.3, cuando se configura para usar High Availability (HA) y la interfaz de administraci\u00f3n dedicada est\u00e1 habilitada, no requiere autenticaci\u00f3n para el acceso a la shell ZebOS en la interfaz de gesti\u00f3n dedicada HA, lo que permite a atacantes remotos obtener acceso a la shell a trav\u00e9s de vectores no especificados."}], "lastModified": "2024-11-21T02:36:39.030", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:5.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27B4C672-7ED5-4113-87AE-5774D1263C0B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}