ID

VAR-201601-0533


CVE

CVE-2016-1909


TITLE

Vulnerability that allows management access to be gained in products such as FortiAnalyzer

Trust: 0.8

sources: JVNDB: JVNDB-2016-001296

DESCRIPTION

Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session.

FortiGate running FortiOS is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. FortiOS 4.3.0 through 4.3.16 and 5.0.0 through 5.0.7 are vulnerable.

Fortinet FortiOS is a security operating system developed by Fortinet Corporation for the FortiGate network security platform. It provides security functions such as firewall, anti-virus, IPSec/SSL VPN, web content filtering and anti-spam. Fortinet FortiOS 4.x versions prior to 4.3.17 and 5.0.x versions prior to 5.0.8 have a security vulnerability. The vulnerability stems from the use of hard-coded passwords for the Fortimanager_Access account.

Trust: 2.07

sources: NVD: CVE-2016-1909 // JVNDB: JVNDB-2016-001296 // BID: 80581 // VULHUB: VHN-90728 // VULMON: CVE-2016-1909

AFFECTED PRODUCTS

vendor: fortinet, model: fortios, scope: eq, version: 5.0.1

Trust: 1.6

vendor: fortinet, model: fortios, scope: eq, version: 5.0.3

Trust: 1.6

vendor: fortinet, model: fortios, scope: eq, version: 5.0

Trust: 1.6

vendor: fortinet, model: fortios, scope: eq, version: 5.0.4

Trust: 1.6

vendor: fortinet, model: fortios, scope: eq, version: 5.0.2

Trust: 1.6

vendor: fortinet, model: fortios, scope: eq, version: 5.0.5

Trust: 1.6

vendor: fortinet, model: fortios, scope: eq, version: 5.0.6

Trust: 1.6

vendor: fortinet, model: fortios, scope: eq, version: 5.0.7

Trust: 1.6

vendor: fortinet, model: fortios, scope: eq, version: 5.0.0

Trust: 1.6

vendor: fortinet, model: fortios, scope: lte, version: 4.3.16

Trust: 1.0

vendor: fortinet, model: fortios, scope: eq, version: 4.1.11

Trust: 0.8

vendor: fortinet, model: fortios, scope: eq, version: 4.3.17

Trust: 0.8

vendor: fortinet, model: fortios, scope: lt, version: 4.2.x

Trust: 0.8

vendor: fortinet, model: fortios, scope: eq, version: 4.2.16

Trust: 0.8

vendor: fortinet, model: fortios, scope: lt, version: 4.3.x

Trust: 0.8

vendor: fortinet, model: fortios, scope: eq, version: 5.0.8

Trust: 0.8

vendor: fortinet, model: forticache, scope: eq, version: 3.0.8

Trust: 0.8

vendor: fortinet, model: fortios, scope: lt, version: 4.1.x

Trust: 0.8

vendor: fortinet, model: fortiswitch, scope: lt, version: 3.3.x

Trust: 0.8

vendor: fortinet, model: fortios, scope: lt, version: 5.0.x

Trust: 0.8

vendor: fortinet, model: fortianalyzer, scope: eq, version: 5.2.5

Trust: 0.8

vendor: fortinet, model: fortiswitch, scope: eq, version: 3.3.3

Trust: 0.8

vendor: fortinet, model: fortianalyzer, scope: lt, version: 5.2.x

Trust: 0.8

vendor: fortinet, model: forticache, scope: lt, version: 3.0.x

Trust: 0.8

vendor: fortinet, model: fortios, scope: eq, version: 4.3.16

Trust: 0.6

sources: JVNDB: JVNDB-2016-001296 // CNNVD: CNNVD-201601-341 // NVD: CVE-2016-1909

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1909
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-1909
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201601-341
value: CRITICAL

Trust: 0.6

VULHUB: VHN-90728
value: HIGH

Trust: 0.1

VULMON: CVE-2016-1909
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-1909
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-90728
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1909
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90728 // VULMON: CVE-2016-1909 // JVNDB: JVNDB-2016-001296 // CNNVD: CNNVD-201601-341 // NVD: CVE-2016-1909

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-90728 // JVNDB: JVNDB-2016-001296 // NVD: CVE-2016-1909

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-341

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201601-341

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001296

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-90728 // VULMON: CVE-2016-1909

PATCH

title: Multiple Products SSH Undocumented Login Vulnerability
url: https://fortiguard.com/advisory/multiple-products-ssh-undocumented-login-vulnerability

Trust: 0.8

title: Brief Statement Regarding Issues Found with FortiOS
url: http://blog.fortinet.com/post/brief-statement-regarding-issues-found-with-fortios

Trust: 0.8

title: Fortinet FortiOS Fixes for permissions and access control vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59659

Trust: 0.6

title: MS17-010
url: https://github.com/oneplus-x/MS17-010

Trust: 0.1

sources: VULMON: CVE-2016-1909 // JVNDB: JVNDB-2016-001296 // CNNVD: CNNVD-201601-341

EXTERNAL IDS

db: NVD, id: CVE-2016-1909

Trust: 2.9

db: PACKETSTORM, id: 135225

Trust: 1.8

db: SECTRACK, id: 1034663

Trust: 1.8

db: EXPLOIT-DB, id: 39224

Trust: 1.2

db: JVNDB, id: JVNDB-2016-001296

Trust: 0.8

db: CNNVD, id: CNNVD-201601-341

Trust: 0.7

db: BID, id: 80581

Trust: 0.4

db: EXPLOIT-DB, id: 43386

Trust: 0.2

db: VULHUB, id: VHN-90728

Trust: 0.1

db: VULMON, id: CVE-2016-1909

Trust: 0.1

sources: VULHUB: VHN-90728 // VULMON: CVE-2016-1909 // BID: 80581 // JVNDB: JVNDB-2016-001296 // CNNVD: CNNVD-201601-341 // NVD: CVE-2016-1909

REFERENCES

url:http://blog.fortinet.com/post/brief-statement-regarding-issues-found-with-fortios

Trust: 1.8

url:http://seclists.org/fulldisclosure/2016/jan/26

Trust: 1.8

url:http://packetstormsecurity.com/files/135225/fortigate-os-5.0.7-ssh-backdoor.html

Trust: 1.8

url:https://twitter.com/esizkur/status/686842135501508608

Trust: 1.8

url:http://www.securitytracker.com/id/1034663

Trust: 1.8

url:http://www.fortiguard.com/advisory/multiple-products-ssh-undocumented-login-vulnerability

Trust: 1.2

url:https://www.exploit-db.com/exploits/39224/

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1909

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1909

Trust: 0.8

url:http://www.fortiguard.com/advisory/fortios-ssh-undocumented-interactive-login-vulnerability

Trust: 0.6

url:http://www.fortinet.com/products/fortigate_overview.html

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url:https://www.rapid7.com/db/vulnerabilities/fortios-cve-2016-1909

Trust: 0.1

url:https://www.exploit-db.com/exploits/43386/

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.rapid7.com/db/modules/auxiliary/scanner/ssh/fortinet_backdoor

Trust: 0.1

sources: VULHUB: VHN-90728 // VULMON: CVE-2016-1909 // BID: 80581 // JVNDB: JVNDB-2016-001296 // CNNVD: CNNVD-201601-341 // NVD: CVE-2016-1909

CREDITS

operator8203

Trust: 0.3

sources: BID: 80581

SOURCES

db: VULHUB, id: VHN-90728
db: VULMON, id: CVE-2016-1909
db: BID, id: 80581
db: JVNDB, id: JVNDB-2016-001296
db: CNNVD, id: CNNVD-201601-341
db: NVD, id: CVE-2016-1909

LAST UPDATE DATE

2024-08-14T15:08:34.315000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90728, date: 2016-07-15T00:00:00
db: VULMON, id: CVE-2016-1909, date: 2016-07-15T00:00:00
db: BID, id: 80581, date: 2016-02-11T07:31:00
db: JVNDB, id: JVNDB-2016-001296, date: 2016-05-31T00:00:00
db: CNNVD, id: CNNVD-201601-341, date: 2016-01-25T00:00:00
db: NVD, id: CVE-2016-1909, date: 2016-07-15T15:42:01.973

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90728, date: 2016-01-15T00:00:00
db: VULMON, id: CVE-2016-1909, date: 2016-01-15T00:00:00
db: BID, id: 80581, date: 2016-01-12T00:00:00
db: JVNDB, id: JVNDB-2016-001296, date: 2016-01-26T00:00:00
db: CNNVD, id: CNNVD-201601-341, date: 2016-01-18T00:00:00
db: NVD, id: CVE-2016-1909, date: 2016-01-15T20:59:00.100