CVE-2016-7542
N/A
N/A
Summary
A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Fortinet | FortiOS | 5.2.0 - 5.2.9, 5.4.1 | affected |
Weaknesses
- Information leak
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/94690
- http://fortiguard.com/advisory/FG-IR-16-050
- http://www.securitytracker.com/id/1037394
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- http://www.securityfocus.com/bid/94690
- http://fortiguard.com/advisory/FG-IR-16-050
- http://www.securitytracker.com/id/1037394
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.