Main Vulnerability Database Vulnerabilities #VU58811

Use of hard-coded credentials in FortiWLM - CVE-2017-7336

Published: December 9, 2021

Vulnerability identifier: #VU58811

CSH Severity: Critical

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red

CVE-ID: CVE-2017-7336

CWE-ID: CWE-798

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FortiWLM

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote attacker to gain full access to vulnerable system.

The vulnerability exists due to presence of hard-coded credentials in application code. A remote unauthenticated attacker can access the affected system using the hard-coded credentials and execute arbitrary commands with the 'upgrade' account privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://www.fortiguard.com/psirt/FG-IR-17-115

Use of hard-coded credentials in FortiWLM - CVE-2017-7336

Description

Remediation

External links

Please verify you're human