ID

VAR-201504-0440


CVE

CVE-2015-3293


TITLE

FortiMail vulnerability in which credentials are obtained

Trust: 0.8

sources: JVNDB: JVNDB-2015-002279

DESCRIPTION

FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the "diag debug application httpd" command. Fortinet FortiMail is an email security appliance from Fortinet that provides an information filtering engine, anti-spam and threat defense functions. A security vulnerability exists in Fortinet FortiMail versions 5.0.3 to 5.2.3.

Trust: 1.71

sources: NVD: CVE-2015-3293 // JVNDB: JVNDB-2015-002279 // VULHUB: VHN-81254

AFFECTED PRODUCTS

vendor: fortinet, model: fortimail, scope: eq, version: 5.1

Trust: 1.6

vendor: fortinet, model: fortimail, scope: eq, version: 5.0.3

Trust: 1.6

vendor: fortinet, model: fortimail, scope: eq, version: 5.1.1

Trust: 1.6

vendor: fortinet, model: fortimail, scope: eq, version: 5.0.4

Trust: 1.6

vendor: fortinet, model: fortimail, scope: eq, version: 5.0.5

Trust: 1.6

vendor: fortinet, model: fortimail, scope: eq, version: 5.1.2

Trust: 1.6

vendor: fortinet, model: fortimail, scope: eq, version: 5.1.4

Trust: 1.6

vendor: fortinet, model: fortimail, scope: eq, version: 5.1.3

Trust: 1.6

vendor: fortinet, model: fortimail, scope: eq, version: 5.0.6

Trust: 1.6

vendor: fortinet, model: fortimail, scope: eq, version: 5.0.7

Trust: 1.6

vendor: fortinet, model: fortimail, scope: eq, version: 5.2.3

Trust: 1.0

vendor: fortinet, model: fortimail, scope: eq, version: 5.2

Trust: 1.0

vendor: fortinet, model: fortimail, scope: eq, version: 5.2.2

Trust: 1.0

vendor: fortinet, model: fortimail, scope: eq, version: 5.2.1

Trust: 1.0

vendor: fortinet, model: fortimail, scope: eq, version: 5.0.3 to 5.2.3

Trust: 0.8

sources: JVNDB: JVNDB-2015-002279 // CNNVD: CNNVD-201504-259 // NVD: CVE-2015-3293

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3293
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-3293
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201504-259
value: MEDIUM

Trust: 0.6

VULHUB: VHN-81254
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-3293
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-81254
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-81254 // JVNDB: JVNDB-2015-002279 // CNNVD: CNNVD-201504-259 // NVD: CVE-2015-3293

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-81254 // JVNDB: JVNDB-2015-002279 // NVD: CVE-2015-3293

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-259

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201504-259

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002279

PATCH

title: Http debug commands in FortiMail exposes users credentials to admins
url: http://www.fortiguard.com/advisory/FG-IR-15-009/

Trust: 0.8

sources: JVNDB: JVNDB-2015-002279

EXTERNAL IDS

db: NVD, id: CVE-2015-3293

Trust: 2.5

db: SECTRACK, id: 1032185

Trust: 1.1

db: JVNDB, id: JVNDB-2015-002279

Trust: 0.8

db: CNNVD, id: CNNVD-201504-259

Trust: 0.7

db: VULHUB, id: VHN-81254

Trust: 0.1

sources: VULHUB: VHN-81254 // JVNDB: JVNDB-2015-002279 // CNNVD: CNNVD-201504-259 // NVD: CVE-2015-3293

REFERENCES

url: http://www.fortiguard.com/advisory/fg-ir-15-009/

Trust: 1.7

url: http://www.securitytracker.com/id/1032185

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3293

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3293

Trust: 0.8

sources: VULHUB: VHN-81254 // JVNDB: JVNDB-2015-002279 // CNNVD: CNNVD-201504-259 // NVD: CVE-2015-3293

SOURCES

db: VULHUB, id: VHN-81254
db: JVNDB, id: JVNDB-2015-002279
db: CNNVD, id: CNNVD-201504-259
db: NVD, id: CVE-2015-3293

LAST UPDATE DATE

2024-08-14T14:33:58.140000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-81254, date: 2017-01-03T00:00:00
db: JVNDB, id: JVNDB-2015-002279, date: 2015-04-16T00:00:00
db: CNNVD, id: CNNVD-201504-259, date: 2015-04-16T00:00:00
db: NVD, id: CVE-2015-3293, date: 2017-01-03T03:00:00.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-81254, date: 2015-04-14T00:00:00
db: JVNDB, id: JVNDB-2015-002279, date: 2015-04-16T00:00:00
db: CNNVD, id: CNNVD-201504-259, date: 2015-04-16T00:00:00
db: NVD, id: CVE-2015-3293, date: 2015-04-14T18:59:07.947