Sign-up

ID

VAR-201601-0533


CVE

CVE-2016-1909


TITLE

FortiAnalyzer Vulnerabilities that can gain management access in products such as

Trust: 0.8

sources: JVNDB: JVNDB-2016-001296

DESCRIPTION

Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session. FortiGate running FortiOS is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. FortiOS 4.3.0 through 4.3.16, and 5.0.0 through 5.0.7 are vulnerable. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. Fortinet FortiOS 4.x versions prior to 4.3.17 and 5.0.x versions prior to 5.0.8 have a security vulnerability. The vulnerability stems from the use of hard-coded passwords for the Fortimanager_Access account

Trust: 2.07

sources: NVD: CVE-2016-1909 // JVNDB: JVNDB-2016-001296 // BID: 80581 // VULHUB: VHN-90728 // VULMON: CVE-2016-1909

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiosscope:eqversion:5.0.1

Trust: 1.6

vendor:fortinetmodel:fortiosscope:eqversion:5.0.3

Trust: 1.6

vendor:fortinetmodel:fortiosscope:eqversion:5.0

Trust: 1.6

vendor:fortinetmodel:fortiosscope:eqversion:5.0.4

Trust: 1.6

vendor:fortinetmodel:fortiosscope:eqversion:5.0.2

Trust: 1.6

vendor:fortinetmodel:fortiosscope:eqversion:5.0.5

Trust: 1.6

vendor:fortinetmodel:fortiosscope:eqversion:5.0.6

Trust: 1.6

vendor:fortinetmodel:fortiosscope:eqversion:5.0.7

Trust: 1.6

vendor:fortinetmodel:fortiosscope:eqversion:5.0.0

Trust: 1.6

vendor:fortinetmodel:fortiosscope:lteversion:4.3.16

Trust: 1.0

vendor:fortinetmodel:fortiosscope:eqversion:4.1.11

Trust: 0.8

vendor:fortinetmodel:fortiosscope:eqversion:4.3.17

Trust: 0.8

vendor:fortinetmodel:fortiosscope:ltversion:4.2.x

Trust: 0.8

vendor:fortinetmodel:fortiosscope:eqversion:4.2.16

Trust: 0.8

vendor:fortinetmodel:fortiosscope:ltversion:4.3.x

Trust: 0.8

vendor:fortinetmodel:fortiosscope:eqversion:5.0.8

Trust: 0.8

vendor:fortinetmodel:forticachescope:eqversion:3.0.8

Trust: 0.8

vendor:fortinetmodel:fortiosscope:ltversion:4.1.x

Trust: 0.8

vendor:fortinetmodel:fortiswitchscope:ltversion:3.3.x

Trust: 0.8

vendor:fortinetmodel:fortiosscope:ltversion:5.0.x

Trust: 0.8

vendor:fortinetmodel:fortianalyzerscope:eqversion:5.2.5

Trust: 0.8

vendor:fortinetmodel:fortiswitchscope:eqversion:3.3.3

Trust: 0.8

vendor:fortinetmodel:fortianalyzerscope:ltversion:5.2.x

Trust: 0.8

vendor:fortinetmodel:forticachescope:ltversion:3.0.x

Trust: 0.8

vendor:fortinetmodel:fortiosscope:eqversion:4.3.16

Trust: 0.6

sources: JVNDB: JVNDB-2016-001296 // CNNVD: CNNVD-201601-341 // NVD: CVE-2016-1909

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1909
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-1909
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201601-341
value: CRITICAL

Trust: 0.6

VULHUB: VHN-90728
value: HIGH

Trust: 0.1

VULMON: CVE-2016-1909
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-1909
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-90728
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1909
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90728 // VULMON: CVE-2016-1909 // JVNDB: JVNDB-2016-001296 // CNNVD: CNNVD-201601-341 // NVD: CVE-2016-1909

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-90728 // JVNDB: JVNDB-2016-001296 // NVD: CVE-2016-1909

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-341

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201601-341

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-001296

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-90728 // 
            
            
            
            VULMON: CVE-2016-1909

PATCH
title:Multiple Products SSH Undocumented Login Vulnerabilityurl:https://fortiguard.com/advisory/multiple-products-ssh-undocumented-login-vulnerability
Trust: 0.8
title:Brief Statement Regarding Issues Found with FortiOSurl:http://blog.fortinet.com/post/brief-statement-regarding-issues-found-with-fortios
Trust: 0.8
title:Fortinet FortiOS Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59659
Trust: 0.6
title:MS17-010url:https://github.com/oneplus-x/MS17-010 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2016-1909 // 
            
            
            
            JVNDB: JVNDB-2016-001296 // 
            
            
            
            CNNVD: CNNVD-201601-341

EXTERNAL IDS
db:NVDid:CVE-2016-1909
Trust: 2.9
db:PACKETSTORMid:135225
Trust: 1.8
db:SECTRACKid:1034663
Trust: 1.8
db:EXPLOIT-DBid:39224
Trust: 1.2
db:JVNDBid:JVNDB-2016-001296
Trust: 0.8
db:CNNVDid:CNNVD-201601-341
Trust: 0.7
db:BIDid:80581
Trust: 0.4
db:EXPLOIT-DBid:43386
Trust: 0.2
db:VULHUBid:VHN-90728
Trust: 0.1
db:VULMONid:CVE-2016-1909
Trust: 0.1
sources:
            
            
            VULHUB: VHN-90728 // 
            
            
            
            VULMON: CVE-2016-1909 // 
            
            
            
            BID: 80581 // 
            
            
            
            JVNDB: JVNDB-2016-001296 // 
            
            
            
            CNNVD: CNNVD-201601-341 // 
            
            
            
            NVD: CVE-2016-1909

REFERENCES
url:http://blog.fortinet.com/post/brief-statement-regarding-issues-found-with-fortios
Trust: 1.8
url:http://seclists.org/fulldisclosure/2016/jan/26
Trust: 1.8
url:http://packetstormsecurity.com/files/135225/fortigate-os-5.0.7-ssh-backdoor.html
Trust: 1.8
url:https://twitter.com/esizkur/status/686842135501508608
Trust: 1.8
url:http://www.securitytracker.com/id/1034663
Trust: 1.8
url:http://www.fortiguard.com/advisory/multiple-products-ssh-undocumented-login-vulnerability
Trust: 1.2
url:https://www.exploit-db.com/exploits/39224/
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1909
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1909
Trust: 0.8
url:http://www.fortiguard.com/advisory/fortios-ssh-undocumented-interactive-login-vulnerability
Trust: 0.6
url:http://www.fortinet.com/products/fortigate_overview.html
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/264.html
Trust: 0.1
url:https://www.rapid7.com/db/vulnerabilities/fortios-cve-2016-1909
Trust: 0.1
url:https://www.exploit-db.com/exploits/43386/
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.rapid7.com/db/modules/auxiliary/scanner/ssh/fortinet_backdoor
Trust: 0.1
sources:
            
            
            VULHUB: VHN-90728 // 
            
            
            
            VULMON: CVE-2016-1909 // 
            
            
            
            BID: 80581 // 
            
            
            
            JVNDB: JVNDB-2016-001296 // 
            
            
            
            CNNVD: CNNVD-201601-341 // 
            
            
            
            NVD: CVE-2016-1909

CREDITS
operator8203
Trust: 0.3
sources:
            
            
            BID: 80581

SOURCES
db:VULHUBid:VHN-90728
db:VULMONid:CVE-2016-1909
db:BIDid:80581
db:JVNDBid:JVNDB-2016-001296
db:CNNVDid:CNNVD-201601-341
db:NVDid:CVE-2016-1909

LAST UPDATE DATE
2024-08-14T15:08:34.315000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-90728date:2016-07-15T00:00:00
db:VULMONid:CVE-2016-1909date:2016-07-15T00:00:00
db:BIDid:80581date:2016-02-11T07:31:00
db:JVNDBid:JVNDB-2016-001296date:2016-05-31T00:00:00
db:CNNVDid:CNNVD-201601-341date:2016-01-25T00:00:00
db:NVDid:CVE-2016-1909date:2016-07-15T15:42:01.973

SOURCES RELEASE DATE
db:VULHUBid:VHN-90728date:2016-01-15T00:00:00
db:VULMONid:CVE-2016-1909date:2016-01-15T00:00:00
db:BIDid:80581date:2016-01-12T00:00:00
db:JVNDBid:JVNDB-2016-001296date:2016-01-26T00:00:00
db:CNNVDid:CNNVD-201601-341date:2016-01-18T00:00:00
db:NVDid:CVE-2016-1909date:2016-01-15T20:59:00.100