Description
Multiple serious vulnerabilities have been found in Fortinet FortiAuthenticator. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, inject code and read arbitrary files.
Below is a complete list of vulnerabilities
- XSS vulnerability can be exploited remotely via a specially designed operation parameter;
- An unknown vulnerability can be exploited locally via manipulations with files and commands;
- Lack of login information emcapsulation can be exploited remotely via log reading and other unknown vectors.
Original advisories
Related products
CVE list
- CVE-2015-1457 warning
- CVE-2015-1458 high
- CVE-2015-1459 warning
- CVE-2015-1455 high
- CVE-2015-1456 warning
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!