CVE-2015-7361

Published: Oct 15, 2015Modified: May 6, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via unspecified vectors.

Affected (1)

Products: Fortinet: Fortios

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortios	Version 5.2.3

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

http://fortiguard.com/advisory/zebos-routing-remote-shell-service-enabled

Source: cve@mitre.org

http://www.fortiguard.com/advisory/zebos-routing-remote-shell-service-enabled

Source: cve@mitre.org

Vendor Advisory

http://www.securitytracker.com/id/1033093

Source: cve@mitre.org

http://fortiguard.com/advisory/zebos-routing-remote-shell-service-enabled

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.fortiguard.com/advisory/zebos-routing-remote-shell-service-enabled

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1033093

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.