Vulnerabilities
Vulnerable Software
Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/.
CVSS Score: 4.3
EPSS Score: 0.004
Published: 2015-02-03
Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command.
CVSS Score: 6.9
EPSS Score: 0.001
Published: 2015-02-03
Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command.
CVSS Score: 4.9
EPSS Score: 0.001
Published: 2015-02-03
Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/.
CVSS Score: 4.0
EPSS Score: 0.003
Published: 2015-02-03
Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVSS Score: 7.5
EPSS Score: 0.007
Published: 2015-02-03

