VAR-201503-0199
Vulnerability from variot - Updated: 2023-12-18 12:51Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message Dispatcher on TCP port 8000. Multiple Fortinet products are prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. A remote attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition. This may also lead to a full network compromise. Fortinet Single Sign On (FSSO) is a single sign-on solution from Fortinet. A stack-based buffer overflow vulnerability exists in the collectoragent.exe file of versions prior to FSSO build 164
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201503-0199",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "single sign on",
"scope": "eq",
"trust": 1.6,
"vendor": "fortinet",
"version": "4.3"
},
{
"model": "single sign on",
"scope": "lt",
"trust": 0.8,
"vendor": "fortinet",
"version": "build 237"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001892"
},
{
"db": "NVD",
"id": "CVE-2015-2281"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-389"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:single_sign_on:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2281"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Enrique Nissim and Andres Lopez Luksenberg from the Core Security Exploit Writing Team.",
"sources": [
{
"db": "BID",
"id": "73206"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2281",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-2281",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-80242",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-2281",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201503-389",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-80242",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80242"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001892"
},
{
"db": "NVD",
"id": "CVE-2015-2281"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-389"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message Dispatcher on TCP port 8000. Multiple Fortinet products are prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. \nA remote attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition. This may also lead to a full network compromise. Fortinet Single Sign On (FSSO) is a single sign-on solution from Fortinet. A stack-based buffer overflow vulnerability exists in the collectoragent.exe file of versions prior to FSSO build 164",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2281"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001892"
},
{
"db": "BID",
"id": "73206"
},
{
"db": "VULHUB",
"id": "VHN-80242"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-80242",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80242"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2281",
"trust": 2.8
},
{
"db": "BID",
"id": "73206",
"trust": 1.4
},
{
"db": "OSVDB",
"id": "119719",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "36422",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001892",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201503-389",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "130904",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-80242",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80242"
},
{
"db": "BID",
"id": "73206"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001892"
},
{
"db": "NVD",
"id": "CVE-2015-2281"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-389"
}
]
},
"id": "VAR-201503-0199",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-80242"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:51:47.096000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FSSO stack-based buffer overflow",
"trust": 0.8,
"url": "http://www.fortiguard.com/advisory/fg-ir-15-006/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001892"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80242"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001892"
},
{
"db": "NVD",
"id": "CVE-2015-2281"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.coresecurity.com/advisories/fortinet-single-sign-on-stack-overflow"
},
{
"trust": 1.7,
"url": "http://www.fortiguard.com/advisory/fg-ir-15-006/"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2015/mar/111"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/73206"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/534918/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.fortiguard.com/advisory/2015-02-27-fsso-stack-based-buffer-overflow"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/36422/"
},
{
"trust": 1.1,
"url": "http://www.osvdb.org/119719"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2281"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2281"
},
{
"trust": 0.3,
"url": "http://www.fortinet.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80242"
},
{
"db": "BID",
"id": "73206"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001892"
},
{
"db": "NVD",
"id": "CVE-2015-2281"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-389"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-80242"
},
{
"db": "BID",
"id": "73206"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001892"
},
{
"db": "NVD",
"id": "CVE-2015-2281"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-389"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-19T00:00:00",
"db": "VULHUB",
"id": "VHN-80242"
},
{
"date": "2015-03-18T00:00:00",
"db": "BID",
"id": "73206"
},
{
"date": "2015-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001892"
},
{
"date": "2015-03-19T14:59:00.070000",
"db": "NVD",
"id": "CVE-2015-2281"
},
{
"date": "2015-03-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-389"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-80242"
},
{
"date": "2015-07-15T00:14:00",
"db": "BID",
"id": "73206"
},
{
"date": "2015-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001892"
},
{
"date": "2018-10-09T19:56:13.467000",
"db": "NVD",
"id": "CVE-2015-2281"
},
{
"date": "2015-03-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-389"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-389"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fortinet Single Sign On of collectoragent.exe Vulnerable to stack-based buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001892"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-389"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…