CVE-2016-7542
MEDIUM
Fortinet FortiOS - Information Disclosure
A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators' password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them.
Scores
CVSS v3: 4.9
EPSS: 0.0032
EPSS Percentile: 54.6%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Classification
CWE: CWE-200
Status: published
Affected Products (13)
fortinet/fortios
Fortinet/FortiOS
< 5.2.0 - 5.2.9, 5.4.1
Timeline
Published: Mar 30, 2017
Tracked Since: Feb 18, 2026