Lucene search

[email protected]CVE-2015-1457

HistoryFeb 03, 2015 - 4:59 p.m.

CVE-2015-1457

2015-02-0316:59:00

CWE-200

[email protected]

web.nvd.nist.gov

fortinet

fortiauthenticator

vulnerability

local users

arbitrary files

cve-2015-1457

nvd

6.4 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command.

CPENameOperatorVersion
fortinet:fortiauthenticatorfortinet fortiauthenticatoreq3.0.0

CPE	Name	Operator	Version
fortinet:fortiauthenticator	fortinet fortiauthenticator	eq	3.0.0

References

packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html

www.fortiguard.com/advisory/FG-IR-15-003/

www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf

www.securityfocus.com/bid/72378

exchange.xforce.ibmcloud.com/vulnerabilities/100560

6.4 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2015-1457

prion1 cvelist1 nessus1 fortinet1 openvas1 kaspersky1