Privilege Escalation in Fortinet FortiAuthenticator Product
CVE-2015-1458

Currently unrated

Key Information:

Vendor: Fortinet
Status: Fortiauthenticator
Vendor: CVE Published:; 3 February 2015

Summary

The Fortinet FortiAuthenticator 3.0.0 has a vulnerability that allows local users to bypass intended security restrictions. By creating a specific file in the /tmp/privexec directory and executing the 'shell' command, malicious actors can gain unauthorized privileges on the device. This bypass effectively compromises the integrity of the system, highlighting the critical need for prompt security action and system updates.

References

http://packetstormsecurity.com/files/130156/Fortinet-Fort...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/100559

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/72378

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Feb 3, 2015
Vulnerability Reserved
Feb 3, 2015