Lucene search

[email protected]CVE-2015-2281

HistoryMar 19, 2015 - 2:59 p.m.

CVE-2015-2281

2015-03-1914:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-2281

buffer overflow

collectoragent.exe

fortinet

fsso

remote code execution

tcp port 8000

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.914 High

EPSS

Percentile

98.9%

JSON

Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message Dispatcher on TCP port 8000.

CPENameOperatorVersion
fortinet:single_sign_onfortinet single sign oneq4.3

CPE	Name	Operator	Version
fortinet:single_sign_on	fortinet single sign on	eq	4.3

References

seclists.org/fulldisclosure/2015/Mar/111

www.coresecurity.com/advisories/fortinet-single-sign-on-stack-overflow

www.fortiguard.com/advisory/2015-02-27-fsso-stack-based-buffer-overflow

www.fortiguard.com/advisory/FG-IR-15-006/

www.osvdb.org/119719

www.securityfocus.com/archive/1/534918/100/0/threaded

www.securityfocus.com/bid/73206

www.exploit-db.com/exploits/36422/

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.914 High

EPSS

Percentile

98.9%

JSON

Related for CVE-2015-2281

checkpoint_advisories2 kaspersky1 exploitpack1 securityvulns2 prion1 fortinet1 cvelist1 zdt1 packetstorm1 coresecurity1 exploitdb1