SB2016100537 - Multiple vulnerabilities in Fortinet, FortiWLC
Published: October 5, 2016 Updated: August 9, 2020
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Use of hard-coded credentials (CVE-ID: CVE-2016-8491)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.
2) Information disclosure (CVE-ID: CVE-2016-7561)
The vulnerability allows a remote privileged user to execute arbitrary code.
Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file.
3) Use of hard-coded credentials (CVE-ID: CVE-2016-7560)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors.
Remediation
Install the update from the vendor's website.