Fortiauthenticator
CVE-2015-1458
MEDIUM
Severity by source
AV:L/AC:M/Au:N/C:C/I:C/A:C
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:L/AC:M/Au:N/C:C/I:C/A:C
Lifecycle Timeline
1DescriptionCVE.org
Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command.
AnalysisAI
Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-264. Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command. Affected products include: Fortinet Fortiauthenticator.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Fortiauthenticator
View allFortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface.
Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. Rated m
Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrar
A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the second factor of authen
Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www
Information disclosure in Fortinet FortiAuthenticator (6.5 all versions and 6.6.0–6.6.2) lets a remote unauthenticated a
An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 throug
Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions befo
FortiAuthenticator 6.3 through 6.6.6 allows read-only users to modify local user accounts by uploading files to an unpro
A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2
A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and be
A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF valida
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today