History: Feb 04, 2015 - 12:00 a.m.

KLA10494 Multiple vulnerabilities in Fortinet FortiAuthenticator

2015-02-04 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

AI Score: 6.9 (Confidence: High)

EPSS: 0.007 (Percentile: 81.4%)

Multiple serious vulnerabilities have been found in Fortinet FortiAuthenticator. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, inject code and read arbitrary files.

Below is a complete list of vulnerabilities:

  1. An XSS vulnerability can be exploited remotely via a specially crafted operation parameter;
  2. An unknown vulnerability can be exploited locally via manipulations with files and commands;
  3. Lack of login information encapsulation can be exploited remotely via log reading and other unknown vectors.

Original advisories

Fortinet bulletin

Related products

Fortinet-FortiAuthenticator

CVE list

CVE-2015-1457 warning

CVE-2015-1458 high

CVE-2015-1459 warning

CVE-2015-1455 critical

CVE-2015-1456 warning

Solution

Update to the latest version.

Impacts

  • OSI: Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to an attacker capturing information that is critical for the user or system.

  • CI: Code injection. Exploitation of vulnerabilities with this impact can lead to changes in target code.

  • PE: Privilege escalation. Exploitation of vulnerabilities with this impact can lead to an attacker performing actions that are normally disallowed for the current role.

  • RLF: Read local files. Exploitation of vulnerabilities with this impact can lead to reading files that are normally inaccessible. Which files can be read depends on the specific program errors.

Affected Products

  • Fortinet FortiAuthenticator versions earlier than 3.2.1
