PT-2016-7386 · Fortinet · Fortiwlc

Publicado

2016-10-05

Atualizado

2016-12-02

CVE-2016-7560

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions FortiWLC versions 6.1-2-29 and earlier FortiWLC version 7.0-9-1 FortiWLC version 7.0-10-0 FortiWLC version 8.0-5-0 FortiWLC version 8.1-2-0 FortiWLC version 8.2-4-0

Description The issue concerns a hardcoded rsync account in the rsyncd server, allowing remote attackers to read or write to arbitrary files.

Recommendations For FortiWLC versions 6.1-2-29 and earlier, update to a version later than 6.1-2-29 to resolve the issue. For FortiWLC version 7.0-9-1, update to a version later than 7.0-9-1 to resolve the issue. For FortiWLC version 7.0-10-0, update to a version later than 7.0-10-0 to resolve the issue. For FortiWLC version 8.0-5-0, update to a version later than 8.0-5-0 to resolve the issue. For FortiWLC version 8.1-2-0, update to a version later than 8.1-2-0 to resolve the issue. For FortiWLC version 8.2-4-0, update to a version later than 8.2-4-0 to resolve the issue.

Correção

Using Hardcoded Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-798

Identificadores relacionados

CVE-2016-7560

Produtos afetados

Fortiwlc

PT-2016-7386 · Fortinet · Fortiwlc

CVE-2016-7560

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4