CVE-2015-7361
First published: Thu Oct 15 2015(Updated: )
FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FortiOS | =5.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-7361?
CVE-2015-7361 is considered a high severity vulnerability due to the ability for remote attackers to gain unauthorized access to the ZebOS shell.
How do I fix CVE-2015-7361?
To address CVE-2015-7361, disable the dedicated management interface or implement strong access controls to restrict unauthorized access.
What systems are affected by CVE-2015-7361?
CVE-2015-7361 specifically affects FortiOS version 5.2.3 when configured for High Availability.
Can CVE-2015-7361 be exploited remotely?
Yes, CVE-2015-7361 can be exploited remotely by attackers who target the vulnerable dedicated management interface.
What happens if CVE-2015-7361 is not patched?
If CVE-2015-7361 is not patched, attackers can gain shell access and potentially compromise the device and network.
- agent/type
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/fortinet
- canonical/fortios
- version/fortios/5.2.3