PT-2016-6030 · Fortinet · Fortiswitch
Emma Ferguson · Published 2016-09-09 · Updated 2016-11-28
CVE-2016-4573
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Fortinet FortiSwitch versions 3.4.1
Description
The issue allows remote attackers to bypass authentication and gain administrative access via an empty password for the rest admin account when the FortiSwitch models are in FortiLink managed mode.
Recommendations
For version 3.4.1, consider disabling the rest admin account until a patch is available to prevent potential exploitation. Restrict access to the administrative interface to minimize the risk of unauthorized access.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Fortiswitch