Vulnerability in Fortinet Fortiauthenticator

CVE-2015-1458

Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command.

EPSS: 0.001 (19.6th percentile) — read the EPSS interpretation.

Affected products

Fortinet Fortiauthenticator — versions 3.0.0
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

cve@mitre.org (Exploit, x_refsource_MISC)
fortinetfortiauthenticator-shell-sec-bypass(100559) (vdb-entry, x_refsource_XF)
72378 (vdb-entry, x_refsource_BID)
cve@mitre.org (Exploit, x_refsource_MISC)