Vulnerability Description
SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortimanager Firmware | 5.0.0 |
| Fortinet | Fortimanager 2000E | - |
| Fortinet | Fortimanager 200D | - |
| Fortinet | Fortimanager 3000F | - |
| Fortinet | Fortimanager 300E | - |
| Fortinet | Fortimanager 3900E | - |
| Fortinet | Fortimanager 400E | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/74444
- http://www.securitytracker.com/id/1032188Third Party AdvisoryVDB Entry
- https://fortiguard.com/psirt/FG-IR-15-011Vendor Advisory
- http://www.securityfocus.com/bid/74444
- http://www.securitytracker.com/id/1032188Third Party AdvisoryVDB Entry
- https://fortiguard.com/psirt/FG-IR-15-011Vendor Advisory
FAQ
What is CVE-2015-3616?
CVE-2015-3616 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.
How severe is CVE-2015-3616?
CVE-2015-3616 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2015-3616?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortimanager Firmware, Fortinet Fortimanager 2000E, Fortinet Fortimanager 200D, Fortinet Fortimanager 3000F, Fortinet Fortimanager 300E.