var-201703-0263
Vulnerability from variot
A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them. FortiOS Contains an information disclosure vulnerability.Information may be obtained. Fortinet FortiOS is prone to an local information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Fortinet FortiOS 5.2.0 through 5.2.9 and 5.4.1 are vulnerable. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. A security vulnerability exists in Fortinet in FortiOS 5.2.x prior to 5.2.10 GA and 5.4.x prior to 5.4.2 GA. An attacker could exploit this vulnerability to gain permission to write and read hashes of administrator passwords, and possibly decipher passwords
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201703-0263", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortios", "scope": "eq", "trust": 1.9, "vendor": "fortinet", "version": "5.4.1" }, { "model": "fortios", "scope": "eq", "trust": 1.9, "vendor": "fortinet", "version": "5.2.6" }, { "model": "fortios", "scope": "eq", "trust": 1.9, "vendor": "fortinet", "version": "5.2.5" }, { "model": "fortios", "scope": "eq", "trust": 1.9, "vendor": "fortinet", "version": "5.2.4" }, { "model": "fortios", "scope": "eq", "trust": 1.9, "vendor": "fortinet", "version": "5.2.3" }, { "model": "fortios", "scope": "eq", "trust": 1.9, "vendor": "fortinet", "version": "5.2.2" }, { "model": "fortios", "scope": "eq", "trust": 1.9, "vendor": "fortinet", "version": "5.2.1" }, { "model": "fortios", "scope": "eq", "trust": 1.9, "vendor": "fortinet", "version": "5.2.0" }, { "model": "fortios", "scope": "eq", "trust": 1.6, "vendor": "fortinet", "version": "5.2.7" }, { "model": "fortios", "scope": "eq", "trust": 1.6, "vendor": "fortinet", "version": "5.4.0" }, { "model": "fortios", "scope": "eq", "trust": 1.3, "vendor": "fortinet", "version": "5.2.9" }, { "model": "fortios", "scope": "eq", "trust": 1.0, "vendor": "fortinet", "version": "5.2.8" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "fortinet", "version": "5.4.2 ga" }, { "model": "fortios", "scope": "lt", "trust": 0.8, "vendor": "fortinet", "version": "5.4.x" }, { "model": "fortios", "scope": "eq", "trust": 0.8, "vendor": "fortinet", "version": "5.2.10 ga" }, { "model": "fortios", "scope": "lt", "trust": 0.8, "vendor": "fortinet", "version": "5.2.x" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.4.2" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.2.10" } ], "sources": [ { "db": "BID", "id": "94690" }, { "db": "JVNDB", "id": "JVNDB-2016-008202" }, { "db": "NVD", "id": "CVE-2016-7542" }, { "db": "CNNVD", "id": "CNNVD-201612-096" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:5.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:5.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:5.2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:5.2.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:5.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:5.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:5.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:5.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:5.2.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:5.2.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:5.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:5.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-7542" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Bryan Schmidt.", "sources": [ { "db": "BID", "id": "94690" }, { "db": "CNNVD", "id": "CNNVD-201612-096" } ], "trust": 0.9 }, "cve": "CVE-2016-7542", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-7542", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "VHN-96362", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.2, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.9, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2016-7542", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-7542", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201612-096", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-96362", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-96362" }, { "db": "JVNDB", "id": "JVNDB-2016-008202" }, { "db": "NVD", "id": "CVE-2016-7542" }, { "db": "CNNVD", "id": "CNNVD-201612-096" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them. FortiOS Contains an information disclosure vulnerability.Information may be obtained. Fortinet FortiOS is prone to an local information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may aid in further attacks. \nFortinet FortiOS 5.2.0 through 5.2.9 and 5.4.1 are vulnerable. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. A security vulnerability exists in Fortinet in FortiOS 5.2.x prior to 5.2.10 GA and 5.4.x prior to 5.4.2 GA. An attacker could exploit this vulnerability to gain permission to write and read hashes of administrator passwords, and possibly decipher passwords", "sources": [ { "db": "NVD", "id": "CVE-2016-7542" }, { "db": "JVNDB", "id": "JVNDB-2016-008202" }, { "db": "BID", "id": "94690" }, { "db": "VULHUB", "id": "VHN-96362" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-7542", "trust": 2.8 }, { "db": "BID", "id": "94690", "trust": 2.0 }, { "db": "SECTRACK", "id": "1037394", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2016-008202", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201612-096", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-96362", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-96362" }, { "db": "BID", "id": "94690" }, { "db": "JVNDB", "id": "JVNDB-2016-008202" }, { "db": "NVD", "id": "CVE-2016-7542" }, { "db": "CNNVD", "id": "CNNVD-201612-096" } ] }, "id": "VAR-201703-0263", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-96362" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:57:28.590000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FortiOS Local Admin Password Hash Leak Vulnerability", "trust": 0.8, "url": "https://www.fortiguard.com/psirt/fg-ir-16-050" }, { "title": "Fortinet FortiOS Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66146" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-008202" }, { "db": "CNNVD", "id": "CNNVD-201612-096" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-96362" }, { "db": "JVNDB", "id": "JVNDB-2016-008202" }, { "db": "NVD", "id": "CVE-2016-7542" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://fortiguard.com/advisory/fg-ir-16-050" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/94690" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1037394" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7542" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7542" }, { "trust": 0.3, "url": "http://www.fortinet.com/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-96362" }, { "db": "BID", "id": "94690" }, { "db": "JVNDB", "id": "JVNDB-2016-008202" }, { "db": "NVD", "id": "CVE-2016-7542" }, { "db": "CNNVD", "id": "CNNVD-201612-096" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-96362" }, { "db": "BID", "id": "94690" }, { "db": "JVNDB", "id": "JVNDB-2016-008202" }, { "db": "NVD", "id": "CVE-2016-7542" }, { "db": "CNNVD", "id": "CNNVD-201612-096" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-03-30T00:00:00", "db": "VULHUB", "id": "VHN-96362" }, { "date": "2016-12-02T00:00:00", "db": "BID", "id": "94690" }, { "date": "2017-04-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-008202" }, { "date": "2017-03-30T14:59:00.197000", "db": "NVD", "id": "CVE-2016-7542" }, { "date": "2016-12-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201612-096" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-28T00:00:00", "db": "VULHUB", "id": "VHN-96362" }, { "date": "2016-12-20T01:08:00", "db": "BID", "id": "94690" }, { "date": "2017-04-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-008202" }, { "date": "2017-07-28T01:29:06.500000", "db": "NVD", "id": "CVE-2016-7542" }, { "date": "2017-03-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201612-096" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201612-096" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FortiOS Vulnerable to information disclosure", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-008202" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201612-096" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.