Sign-up

ID

VAR-201504-0440


CVE

CVE-2015-3293


TITLE

FortiMail Vulnerabilities in which credentials are obtained

Trust: 0.8

sources: JVNDB: JVNDB-2015-002279

DESCRIPTION

FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the "diag debug application httpd" command. Fortinet FortiMail is an email information security device from Fortinet, which provides information filtering engine, anti-spam and threat defense functions. A security vulnerability exists in Fortinet FortiMail versions 5.0.3 to 5.2.3

Trust: 1.71

sources: NVD: CVE-2015-3293 // JVNDB: JVNDB-2015-002279 // VULHUB: VHN-81254

AFFECTED PRODUCTS

vendor:fortinetmodel:fortimailscope:eqversion:5.1

Trust: 1.6

vendor:fortinetmodel:fortimailscope:eqversion:5.0.3

Trust: 1.6

vendor:fortinetmodel:fortimailscope:eqversion:5.1.1

Trust: 1.6

vendor:fortinetmodel:fortimailscope:eqversion:5.0.4

Trust: 1.6

vendor:fortinetmodel:fortimailscope:eqversion:5.0.5

Trust: 1.6

vendor:fortinetmodel:fortimailscope:eqversion:5.1.2

Trust: 1.6

vendor:fortinetmodel:fortimailscope:eqversion:5.1.4

Trust: 1.6

vendor:fortinetmodel:fortimailscope:eqversion:5.1.3

Trust: 1.6

vendor:fortinetmodel:fortimailscope:eqversion:5.0.6

Trust: 1.6

vendor:fortinetmodel:fortimailscope:eqversion:5.0.7

Trust: 1.6

vendor:fortinetmodel:fortimailscope:eqversion:5.2.3

Trust: 1.0

vendor:fortinetmodel:fortimailscope:eqversion:5.2

Trust: 1.0

vendor:fortinetmodel:fortimailscope:eqversion:5.2.2

Trust: 1.0

vendor:fortinetmodel:fortimailscope:eqversion:5.2.1

Trust: 1.0

vendor:fortinetmodel:fortimailscope:eqversion:5.0.3 to 5.2.3

Trust: 0.8

sources: JVNDB: JVNDB-2015-002279 // CNNVD: CNNVD-201504-259 // NVD: CVE-2015-3293

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3293
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-3293
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201504-259
value: MEDIUM

Trust: 0.6

VULHUB: VHN-81254
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-3293
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-81254
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-81254 // JVNDB: JVNDB-2015-002279 // CNNVD: CNNVD-201504-259 // NVD: CVE-2015-3293

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-81254 // JVNDB: JVNDB-2015-002279 // NVD: CVE-2015-3293

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-259

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201504-259

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002279

PATCH
title:Http debug commands in FortiMail exposes users credentials to adminsurl:http://www.fortiguard.com/advisory/FG-IR-15-009/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-002279

EXTERNAL IDS
db:NVDid:CVE-2015-3293
Trust: 2.5
db:SECTRACKid:1032185
Trust: 1.1
db:JVNDBid:JVNDB-2015-002279
Trust: 0.8
db:CNNVDid:CNNVD-201504-259
Trust: 0.7
db:VULHUBid:VHN-81254
Trust: 0.1
sources:
            
            
            VULHUB: VHN-81254 // 
            
            
            
            JVNDB: JVNDB-2015-002279 // 
            
            
            
            CNNVD: CNNVD-201504-259 // 
            
            
            
            NVD: CVE-2015-3293

REFERENCES
url:http://www.fortiguard.com/advisory/fg-ir-15-009/
Trust: 1.7
url:http://www.securitytracker.com/id/1032185
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3293
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3293
Trust: 0.8
sources:
            
            
            VULHUB: VHN-81254 // 
            
            
            
            JVNDB: JVNDB-2015-002279 // 
            
            
            
            CNNVD: CNNVD-201504-259 // 
            
            
            
            NVD: CVE-2015-3293

SOURCES
db:VULHUBid:VHN-81254
db:JVNDBid:JVNDB-2015-002279
db:CNNVDid:CNNVD-201504-259
db:NVDid:CVE-2015-3293

LAST UPDATE DATE
2024-08-14T14:33:58.140000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-81254date:2017-01-03T00:00:00
db:JVNDBid:JVNDB-2015-002279date:2015-04-16T00:00:00
db:CNNVDid:CNNVD-201504-259date:2015-04-16T00:00:00
db:NVDid:CVE-2015-3293date:2017-01-03T03:00:00.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-81254date:2015-04-14T00:00:00
db:JVNDBid:JVNDB-2015-002279date:2015-04-16T00:00:00
db:CNNVDid:CNNVD-201504-259date:2015-04-16T00:00:00
db:NVDid:CVE-2015-3293date:2015-04-14T18:59:07.947