PT-2016-7386 · Fortinet · Fortiwlc
Published
2016-10-05
·
Updated
2016-12-02
·
CVE-2016-7560
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
FortiWLC versions 6.1-2-29 and earlier
FortiWLC version 7.0-9-1
FortiWLC version 7.0-10-0
FortiWLC version 8.0-5-0
FortiWLC version 8.1-2-0
FortiWLC version 8.2-4-0
Description
The issue concerns a hardcoded rsync account in the rsyncd server, allowing remote attackers to read or write to arbitrary files.
Recommendations
For FortiWLC versions 6.1-2-29 and earlier, update to a version later than 6.1-2-29 to resolve the issue.
For FortiWLC version 7.0-9-1, update to a version later than 7.0-9-1 to resolve the issue.
For FortiWLC version 7.0-10-0, update to a version later than 7.0-10-0 to resolve the issue.
For FortiWLC version 8.0-5-0, update to a version later than 8.0-5-0 to resolve the issue.
For FortiWLC version 8.1-2-0, update to a version later than 8.1-2-0 to resolve the issue.
For FortiWLC version 8.2-4-0, update to a version later than 8.2-4-0 to resolve the issue.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fortiwlc