CVE-2015-7361
FortiOS 5.2.3 - Unauthenticated Remote Shell Access via ZebOS HA Management Interface
Title source: llmDescription
FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via unspecified vectors.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033093
Vendor Advisory x_refsource_confirm
http://www.fortiguard.com/advisory/zebos-routing-remote-shell-service-enabled
Vendor Advisory x_refsource_confirm
http://fortiguard.com/advisory/zebos-routing-remote-shell-service-enabled
Scores
EPSS
0.0074
EPSS Percentile
73.0%
Details
CWE
CWE-287
Status
published
Products (1)
fortinet/fortios
5.2.3
Published
Oct 15, 2015
Tracked Since
Feb 18, 2026