cve/2015/CVE-2015-7361.md

### [CVE-2015-7361](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7361)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via unspecified vectors.

### POC

#### Reference
- http://fortiguard.com/advisory/zebos-routing-remote-shell-service-enabled

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2015-7361](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7361)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via unspecified vectors.`

			`### POC`

			`#### Reference`
			`- http://fortiguard.com/advisory/zebos-routing-remote-shell-service-enabled`

			`#### Github`
			`No PoCs found on GitHub currently.`