cvelistv5 - cve-2017-17539

CVE-2017-17539 (GCVE-0-2017-17539)

Vulnerability from cvelistv5 – Published: 2018-05-07 14:00 – Updated: 2024-10-25 14:32

Summary

The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.

Severity ?

No CVSS data available.

CWE

Execute unauthorized code or commands

Assigner

fortinet

References

URL

Tags

	https://fortiguard.com/advisory/FG-IR-17-274	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/104119	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Fortinet, Inc.	FortiWLC	Affected: 7.0.11 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:51:32.229Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-17-274"
          },
          {
            "name": "104119",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104119"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-17539",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T20:11:08.330380Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:32:21.154Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FortiWLC",
          "vendor": "Fortinet, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.11 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2018-05-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-10T09:57:01",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-17-274"
        },
        {
          "name": "104119",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104119"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "DATE_PUBLIC": "2018-05-04T00:00:00",
          "ID": "CVE-2017-17539",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FortiWLC",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.11 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-17-274",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-17-274"
            },
            {
              "name": "104119",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104119"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2017-17539",
    "datePublished": "2018-05-07T14:00:00Z",
    "dateReserved": "2017-12-11T00:00:00",
    "dateUpdated": "2024-10-25T14:32:21.154Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0\", \"versionEndIncluding\": \"7.0.11\", \"matchCriteriaId\": \"7337AA30-3FBE-4AC4-ABED-5B6976573E19\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0\", \"versionEndIncluding\": \"8.3.3\", \"matchCriteriaId\": \"709F03A8-5B27-472A-AAAF-6D0B2BAD3099\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.\"}, {\"lang\": \"es\", \"value\": \"La presencia de una cuenta embebida en Fortinet FortiWLC en versiones 7.0.11 y anteriores permite que atacantes obtengan acceso de lectura/escritura mediante un shell remoto.\"}]",
      "id": "CVE-2017-17539",
      "lastModified": "2024-11-21T03:18:07.860",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-05-08T04:29:00.207",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/104119\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-17-274\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/104119\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-17-274\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@fortinet.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-798\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-17539\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2018-05-08T04:29:00.207\",\"lastModified\":\"2024-11-21T03:18:07.860\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.\"},{\"lang\":\"es\",\"value\":\"La presencia de una cuenta embebida en Fortinet FortiWLC en versiones 7.0.11 y anteriores permite que atacantes obtengan acceso de lectura/escritura mediante un shell remoto.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\",\"versionEndIncluding\":\"7.0.11\",\"matchCriteriaId\":\"7337AA30-3FBE-4AC4-ABED-5B6976573E19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndIncluding\":\"8.3.3\",\"matchCriteriaId\":\"709F03A8-5B27-472A-AAAF-6D0B2BAD3099\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/104119\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://fortiguard.com/advisory/FG-IR-17-274\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104119\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://fortiguard.com/advisory/FG-IR-17-274\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://fortiguard.com/advisory/FG-IR-17-274\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/104119\", \"name\": \"104119\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T20:51:32.229Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2017-17539\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-24T20:11:08.330380Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-25T14:18:26.587Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Fortinet, Inc.\", \"product\": \"FortiWLC\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.0.11 and earlier\"}]}], \"datePublic\": \"2018-05-04T00:00:00\", \"references\": [{\"url\": \"https://fortiguard.com/advisory/FG-IR-17-274\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.securityfocus.com/bid/104119\", \"name\": \"104119\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Execute unauthorized code or commands\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2018-05-10T09:57:01\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"7.0.11 and earlier\"}]}, \"product_name\": \"FortiWLC\"}]}, \"vendor_name\": \"Fortinet, Inc.\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://fortiguard.com/advisory/FG-IR-17-274\", \"name\": \"https://fortiguard.com/advisory/FG-IR-17-274\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.securityfocus.com/bid/104119\", \"name\": \"104119\", \"refsource\": \"BID\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Execute unauthorized code or commands\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2017-17539\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@fortinet.com\", \"DATE_PUBLIC\": \"2018-05-04T00:00:00\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2017-17539\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-25T14:32:21.154Z\", \"dateReserved\": \"2017-12-11T00:00:00\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2018-05-07T14:00:00Z\", \"assignerShortName\": \"fortinet\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-FWCV-CV48-WPQ2

Vulnerability from github – Published: 2022-05-14 03:19 – Updated: 2022-05-14 03:19

Details

The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-17539"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-08T04:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.",
  "id": "GHSA-fwcv-cv48-wpq2",
  "modified": "2022-05-14T03:19:29Z",
  "published": "2022-05-14T03:19:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17539"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/advisory/FG-IR-17-274"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104119"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2018-AVI-215

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Fortinet FortiWLC. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

FortiWLC 7.x versions 7.0.11 et antérieures

FortiWLC 8.x versions 8.3.3 et antérieures

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-17-274 du 4 mai 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eFortiWLC 7.x versions 7.0.11 et ant\u00e9rieures\u003c/li\u003e \u003c/ul\u003e \u003cul\u003e \u003cli\u003eFortiWLC 8.x versions 8.3.3 et ant\u00e9rieures\u003c/li\u003e \u003c/ul\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-17540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17540"
    },
    {
      "name": "CVE-2017-17539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17539"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-215",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-05-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Fortinet FortiWLC.\nElles permettent \u00e0 un attaquant de provoquer un contournement de la\npolitique de s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Fortinet FortiWLC",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-17-274 du 4 mai 2018",
      "url": "https://fortiguard.com/psirt/FG-IR-17-274"
    }
  ]
}

CERTFR-2018-AVI-215

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

FortiWLC 7.x versions 7.0.11 et antérieures

FortiWLC 8.x versions 8.3.3 et antérieures

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-17-274 du 4 mai 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eFortiWLC 7.x versions 7.0.11 et ant\u00e9rieures\u003c/li\u003e \u003c/ul\u003e \u003cul\u003e \u003cli\u003eFortiWLC 8.x versions 8.3.3 et ant\u00e9rieures\u003c/li\u003e \u003c/ul\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-17540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17540"
    },
    {
      "name": "CVE-2017-17539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17539"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-215",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-05-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Fortinet FortiWLC.\nElles permettent \u00e0 un attaquant de provoquer un contournement de la\npolitique de s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Fortinet FortiWLC",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-17-274 du 4 mai 2018",
      "url": "https://fortiguard.com/psirt/FG-IR-17-274"
    }
  ]
}

FKIE_CVE-2017-17539

Vulnerability from fkie_nvd - Published: 2018-05-08 04:29 - Updated: 2024-11-21 03:18

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.

References

URL	Tags
psirt@fortinet.com	http://www.securityfocus.com/bid/104119	Third Party Advisory, VDB Entry
psirt@fortinet.com	https://fortiguard.com/advisory/FG-IR-17-274	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104119	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/advisory/FG-IR-17-274	Vendor Advisory

Impacted products

	Vendor	Product	Version
	fortinet	fortiwlc	*
	fortinet	fortiwlc	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7337AA30-3FBE-4AC4-ABED-5B6976573E19",
              "versionEndIncluding": "7.0.11",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "709F03A8-5B27-472A-AAAF-6D0B2BAD3099",
              "versionEndIncluding": "8.3.3",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell."
    },
    {
      "lang": "es",
      "value": "La presencia de una cuenta embebida en Fortinet FortiWLC en versiones 7.0.11 y anteriores permite que atacantes obtengan acceso de lectura/escritura mediante un shell remoto."
    }
  ],
  "id": "CVE-2017-17539",
  "lastModified": "2024-11-21T03:18:07.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-08T04:29:00.207",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104119"
    },
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-17-274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104119"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-17-274"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2018-10699

Vulnerability from cnvd - Published: 2018-05-31

Title

Fortinet FortiWLC硬编码账户漏洞（CNVD-2018-10699）

Description

FortiWLC是Fortinet推出的无线控制器。 7.0.11及更早版本的Fortinet FortiWLC存在硬编码账户漏洞。攻击者可通过远程shell利用该漏洞获得未经授权的读/写访问权限。

Severity

高

Patch Name

Fortinet FortiWLC硬编码账户漏洞（CNVD-2018-10699）的补丁

Patch Description

FortiWLC是Fortinet推出的无线控制器。 7.0.11及更早版本的Fortinet FortiWLC存在硬编码账户漏洞。攻击者可通过远程shell利用该漏洞获得未经授权的读/写访问权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://fortiguard.com/psirt/FG-IR-17-274

Reference

https://fortiguard.com/psirt/FG-IR-17-274

Impacted products

Name
Fortinet FortiWLC <=7.0.11

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-17539"
    }
  },
  "description": "FortiWLC\u662fFortinet\u63a8\u51fa\u7684\u65e0\u7ebf\u63a7\u5236\u5668\u3002\r\n\r\n7.0.11\u53ca\u66f4\u65e9\u7248\u672c\u7684Fortinet FortiWLC\u5b58\u5728\u786c\u7f16\u7801\u8d26\u6237\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8fdc\u7a0bshell\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u5f97\u672a\u7ecf\u6388\u6743\u7684\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\u3002",
  "discovererName": "University of Toronto",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://fortiguard.com/psirt/FG-IR-17-274",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-10699",
  "openTime": "2018-05-31",
  "patchDescription": "FortiWLC\u662fFortinet\u63a8\u51fa\u7684\u65e0\u7ebf\u63a7\u5236\u5668\u3002\r\n\r\n7.0.11\u53ca\u66f4\u65e9\u7248\u672c\u7684Fortinet FortiWLC\u5b58\u5728\u786c\u7f16\u7801\u8d26\u6237\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8fdc\u7a0bshell\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u5f97\u672a\u7ecf\u6388\u6743\u7684\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Fortinet FortiWLC\u786c\u7f16\u7801\u8d26\u6237\u6f0f\u6d1e\uff08CNVD-2018-10699\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Fortinet FortiWLC \u003c=7.0.11"
  },
  "referenceLink": "https://fortiguard.com/psirt/FG-IR-17-274",
  "serverity": "\u9ad8",
  "submitTime": "2018-05-08",
  "title": "Fortinet FortiWLC\u786c\u7f16\u7801\u8d26\u6237\u6f0f\u6d1e\uff08CNVD-2018-10699\uff09"
}

GSD-2017-17539

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.

Aliases

CVE-2017-17539

Aliases

CVE-2017-17539

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-17539",
    "description": "The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.",
    "id": "GSD-2017-17539"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-17539"
      ],
      "details": "The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.",
      "id": "GSD-2017-17539",
      "modified": "2023-12-13T01:21:04.960883Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@fortinet.com",
        "DATE_PUBLIC": "2018-05-04T00:00:00",
        "ID": "CVE-2017-17539",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "FortiWLC",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "7.0.11 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Fortinet, Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Execute unauthorized code or commands"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://fortiguard.com/advisory/FG-IR-17-274",
            "refsource": "CONFIRM",
            "url": "https://fortiguard.com/advisory/FG-IR-17-274"
          },
          {
            "name": "104119",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/104119"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.3.3",
                "versionStartIncluding": "8.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.11",
                "versionStartIncluding": "7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2017-17539"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-798"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-17-274",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://fortiguard.com/advisory/FG-IR-17-274"
            },
            {
              "name": "104119",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/104119"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-06-12T18:13Z",
      "publishedDate": "2018-05-08T04:29Z"
    }
  }
}

VAR-201805-0224

Vulnerability from variot - Updated: 2023-12-18 12:28

The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell. Fortinet FortiWLC Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FortiWLC is a wireless controller from Fortinet. There is a hard-coded account vulnerability in FortinetFortiWLC versions 7.0.11 and earlier. Fortinet FortiWLC is prone to multiple information-disclosure vulnerabilities. Information obtained may aid in further attacks

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0224",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortiwlc",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "8.0"
      },
      {
        "model": "fortiwlc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.11"
      },
      {
        "model": "fortiwlc",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0"
      },
      {
        "model": "fortiwlc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "8.3.3"
      },
      {
        "model": "fortiwlc",
        "scope": null,
        "trust": 0.8,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortiwlc",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "fortinet",
        "version": "\u003c=7.0.11"
      },
      {
        "model": "fortiwlc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "8.3.3"
      },
      {
        "model": "fortiwlc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "8.3.2"
      },
      {
        "model": "fortiwlc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "8.3"
      },
      {
        "model": "fortiwlc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "7.0.11"
      },
      {
        "model": "fortiwlc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "7.0-9-1"
      },
      {
        "model": "fortiwlc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "7.0-9"
      },
      {
        "model": "fortiwlc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "7.0-8"
      },
      {
        "model": "fortiwlc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "7.0-7"
      },
      {
        "model": "fortiwlc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "7.0-10-0"
      },
      {
        "model": "fortiwlc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "7.0-10"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-10699"
      },
      {
        "db": "BID",
        "id": "104119"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013365"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17539"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.3.3",
                "versionStartIncluding": "8.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.11",
                "versionStartIncluding": "7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-17539"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "University of Toronto",
    "sources": [
      {
        "db": "BID",
        "id": "104119"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-17539",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-17539",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-10699",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-108571",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-17539",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-17539",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-10699",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201712-460",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-108571",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-17539",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-10699"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108571"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17539"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013365"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-460"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell. Fortinet FortiWLC Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FortiWLC is a wireless controller from Fortinet. There is a hard-coded account vulnerability in FortinetFortiWLC versions 7.0.11 and earlier. Fortinet FortiWLC is prone to multiple information-disclosure vulnerabilities. Information obtained may aid in further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-17539"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013365"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-10699"
      },
      {
        "db": "BID",
        "id": "104119"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108571"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17539"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-17539",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "104119",
        "trust": 1.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013365",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-460",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-10699",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-108571",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17539",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-10699"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108571"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17539"
      },
      {
        "db": "BID",
        "id": "104119"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013365"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-460"
      }
    ]
  },
  "id": "VAR-201805-0224",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-10699"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108571"
      }
    ],
    "trust": 1.2896806
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-10699"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:28:57.123000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-17-274",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-17-274"
      },
      {
        "title": "Patch for FortinetFortiWLC Hardcoded Account Vulnerability (CNVD-2018-10699)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/130775"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-10699"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013365"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108571"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013365"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17539"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://fortiguard.com/advisory/fg-ir-17-274"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/104119"
      },
      {
        "trust": 0.9,
        "url": "https://fortiguard.com/psirt/fg-ir-17-274"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17539"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17539"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/798.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-10699"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108571"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17539"
      },
      {
        "db": "BID",
        "id": "104119"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013365"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-460"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-10699"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108571"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17539"
      },
      {
        "db": "BID",
        "id": "104119"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013365"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-460"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-05-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-10699"
      },
      {
        "date": "2018-05-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108571"
      },
      {
        "date": "2018-05-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-17539"
      },
      {
        "date": "2018-05-09T00:00:00",
        "db": "BID",
        "id": "104119"
      },
      {
        "date": "2018-06-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-013365"
      },
      {
        "date": "2018-05-08T04:29:00.207000",
        "db": "NVD",
        "id": "CVE-2017-17539"
      },
      {
        "date": "2017-12-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-460"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-05-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-10699"
      },
      {
        "date": "2018-06-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108571"
      },
      {
        "date": "2018-06-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-17539"
      },
      {
        "date": "2018-05-09T00:00:00",
        "db": "BID",
        "id": "104119"
      },
      {
        "date": "2018-06-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-013365"
      },
      {
        "date": "2018-06-12T18:13:24.797000",
        "db": "NVD",
        "id": "CVE-2017-17539"
      },
      {
        "date": "2018-05-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-460"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-460"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiWLC Vulnerabilities related to the use of hard-coded credentials",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013365"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-460"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-17539 (GCVE-0-2017-17539)

GHSA-FWCV-CV48-WPQ2

CERTFR-2018-AVI-215

Solution

CERTFR-2018-AVI-215

Solution

FKIE_CVE-2017-17539

CNVD-2018-10699

GSD-2017-17539

VAR-201805-0224

Tags

Sightings

Nomenclature