CVE-2016-7542

Name of the Vulnerable Software and Affected Versions FortiOS versions 5.2.x through 5.2.9 FortiOS versions 5.4.x through 5.4.1

Description The issue is caused by access control errors in the FortiOS REST API interface, allowing a remote attacker with read-only privileges to potentially disclose password information of read-write administrators. This could enable the attacker to crack the password hashes, excluding those of super-admins, stored on the appliance via the webui REST API.

Recommendations For FortiOS versions 5.2.x through 5.2.9, update to version 5.2.10 GA or later. For FortiOS versions 5.4.x through 5.4.1, update to version 5.4.2 GA or later.