Russian Vulnerability Scanner Database

Back to List

BDU:2016-00186

Scores

EPSS

0.000none0.0%
0%20%40%60%80%100%

Percentile: 0.0%

CVSS

10.0critical2.0
0246810

CVSS Score: 10.0/10

All CVSS Scores

CVSS 2.0
10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Description

Уязвимость операционной системы FortiOS, межсетевого экрана FortiAnalyzer, микропрограммного обеспечения коммутатора FortiSwitch связана с недостатками разграничения доступа. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить доступ к защищаемой информации из-за отсутствия изменения пароля для SSH-авторизации

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

bdu

Related Vulnerabilities

CVE-2016-1909

Exploits

Exploit ID: 43386

Source: exploitdb

URL: https://www.exploit-db.com/exploits/43386

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1909
http://www.exploit-db.com/exploits/39224/
http://seclists.org/fulldisclosure/2016/Jan/26
https://www.exploit-db.com/exploits/39224/
http://blog.fortinet.com/post/brief-statement-regarding-issues-found-with-fortios
http://www.securitytracker.com/id/1034663
https://twitter.com/esizkur/status/686842135501508608
http://www.fortiguard.com/advisory/fortios-ssh-undocumented-interactive-login-vulnerability
http://packetstormsecurity.com/files/135225/FortiGate-OS-5.0.7-SSH-Backdoor.html

Recommendations

Source: bdu

Обновление программного обеспечения FortiOS до версий 4.3.17, 5.0.8 или более новых.

Обновление программного обеспечения FortiAnalyzer до версий 5.0.12, 5.2.5 или более новых.

Обновление программного обеспечения FortiSwitch до версии 3.3.3 или более новой

URL: https://bdu.fstec.ru/vul/2016-00186

Vulnerable Software (3)

Type: Configuration

Vendor: fortinet inc.

Product: fortianalyzer

Operating System: fortios *

Trait: 
{  "version_end_including": "5.0.11",  "version_start_including": "5.0.5"}

Source: bdu

Type: Configuration

Vendor: fortinet inc.

Product: fortianalyzer

Operating System: fortios *

Trait: 
{  "version_end_including": "5.2.4",  "version_start_including": "5.2.0"}

Source: bdu

Type: Configuration

Vendor: fortinet inc.

Product: fortiswitch

Operating System: fortios *

Trait: 
{  "version_end_including": "3.3.2",  "version_start_including": "3.3.0"}

Source: bdu

End of list