fkie_nvd - fkie_cve-2015-3293

fkie_cve-2015-3293

Vulnerability from fkie_nvd

Published

2015-04-14 18:59

Modified

2024-11-21 02:29

Severity ?

Summary

FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the "diag debug application httpd" command.

References

URL	Tags
cve@mitre.org	http://www.fortiguard.com/advisory/FG-IR-15-009/	Vendor Advisory
cve@mitre.org	http://www.securitytracker.com/id/1032185
af854a3a-2127-422b-91ae-364da2661108	http://www.fortiguard.com/advisory/FG-IR-15-009/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032185

Impacted products

Vendor	Product	Version
fortinet	fortimail	5.0.3
fortinet	fortimail	5.0.4
fortinet	fortimail	5.0.5
fortinet	fortimail	5.0.6
fortinet	fortimail	5.0.7
fortinet	fortimail	5.1
fortinet	fortimail	5.1.1
fortinet	fortimail	5.1.2
fortinet	fortimail	5.1.3
fortinet	fortimail	5.1.4
fortinet	fortimail	5.2
fortinet	fortimail	5.2.1
fortinet	fortimail	5.2.2
fortinet	fortimail	5.2.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A59FA3B-CF8B-4088-A27F-C4939873E552",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C28A60D9-64F5-4DF2-B0FE-3AA4CCD85D13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6386E32B-365F-4DC8-AA77-14579BB84CB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A7FD9C8-F970-4949-B497-01FB3C1A2C40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "90956836-650E-45B3-8BFE-46AD5FBC484E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5B9F82-F87C-47E1-AA75-1B7F001CC7CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E247918-2EBC-4D6D-A899-2F25EB6B077F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "863EAA3C-B10D-4211-BAD9-1CFA91F820AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24F47A35-CC2A-4908-B678-FACD619EDDE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD666923-7DDA-4582-BA24-EA428E6485D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F946FB0-E890-41C3-BFDC-D7734CE3DDF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE2C95E3-0E29-49D9-A9ED-657BC2B05CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "73CF2645-2997-4939-B9C0-D7A42ECAFEEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B4D9FF8-64D0-4EF3-A165-C86A68B36BE5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the \"diag debug application httpd\" command."
    },
    {
      "lang": "es",
      "value": "FortiMail 5.0.3 hasta 5.2.3 permite a administradores remotos obtener credenciales a trav\u00e9s del comando \u0027diag debug application httpd\u0027."
    }
  ],
  "id": "CVE-2015-3293",
  "lastModified": "2024-11-21T02:29:05.613",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-14T18:59:07.947",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.fortiguard.com/advisory/FG-IR-15-009/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1032185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.fortiguard.com/advisory/FG-IR-15-009/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032185"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2015-3293

Vulnerability from cvelistv5

Published

2015-04-14 18:00