Remote File Manipulation in Fortinet FortiWLC Due to Hardcoded Account
CVE-2016-7560

9.8CRITICAL

Key Information:

Vendor: Fortinet
Status: Fortiwlc
Vendor: CVE Published:; 5 October 2016

What is CVE-2016-7560?

A vulnerability exists in the rsyncd server of Fortinet FortiWLC in certain versions. It features a hardcoded rsync account, which can be exploited by remote attackers. This weakness allows unauthorized users to gain the capability to read or write to arbitrary files within the system, potentially leading to data exposure and integrity issues. Attackers may utilize unspecified vectors to exploit this vulnerability, emphasizing the need for immediate action from users of the affected software versions.

References

http://fortiguard.com/advisory/FG-IR-16-029

x_refsource_CONFIRM

http://www.securityfocus.com/bid/93286

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 5, 2016
Vulnerability Reserved
Sep 9, 2016