CVE-2016-4573 Information
Description
Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models, when in FortiLink managed mode and upgraded to 3.4.1, might allow remote attackers to bypass authentication and gain administrative access via an empty password for the rest_admin account.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
http://fortiguard.com/advisory/fortiswitch-rest-admin-account-exposed-under-specific-conditions
http://www.securityfocus.com/bid/92450
https://www.themissinglink.com.au/security/advisories/cve-2016-4573
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.8
Base Severity
CRITICAL