CVE-2015-7361

Fortinet Fortios - Authentication Bypass

Title source: rule

Description

FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via unspecified vectors.

References (3)

[Vendor Advisory] http://www.fortiguard.com/advisory/zebos-routing-remote-shell-service-enabled

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1033093

[Vendor Advisory] http://fortiguard.com/advisory/zebos-routing-remote-shell-service-enabled

Scores

EPSS 0.0074

EPSS Percentile 72.6%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

fortinet/fortios

Timeline

Published Oct 15, 2015

Tracked Since Feb 18, 2026