Multiple vulnerabilities in Fortinet FortiAuthenticator

Описание

Multiple serious vulnerabilities have been found in Fortinet FortiAuthenticator. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, inject code and read arbitrary files.

Below is a complete list of vulnerabilities

1. XSS vulnerability can be exploited remotely via a specially designed operation parameter;
2. An unknown vulnerability can be exploited locally via manipulations with files and commands;
3. Lack of login information emcapsulation can be exploited remotely via log reading and other unknown vectors.

Первичный источник обнаружения

• Fortinet bulletin
  

Связанные продукты

• Fortinet-FortiAuthenticator

Список CVE

• CVE-2015-1457
  warning
• CVE-2015-1458
  high
• CVE-2015-1459
  warning
• CVE-2015-1455
  critical
• CVE-2015-1456
  warning

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com