Information disclosure in Fortinet Fortiauthenticator

CVE-2015-1457

Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command.

Vulnerability class: Information Disclosure

EPSS: 0.001 (23.3th percentile) — read the EPSS interpretation.

Affected products

Fortinet Fortiauthenticator — versions 3.0.0
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

cve@mitre.org (Exploit, x_refsource_MISC)
fortinetfortiauthenticator-dig-info-disc(100560) (vdb-entry, x_refsource_XF)
72378 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (Exploit, x_refsource_MISC)