ID

VAR-201609-0330


CVE

CVE-2016-4573


TITLE

plural Fortinet FortiSwitch FSW Vulnerabilities that bypass authentication in the model

Trust: 0.8

sources: JVNDB: JVNDB-2016-004583

DESCRIPTION

Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models, when in FortiLink managed mode and upgraded to 3.4.1, might allow remote attackers to bypass authentication and gain administrative access via an empty password for the rest_admin account. Fortinet FortiSwitch are prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. This issue is fixed in: FortiSwitch 3.4.2. Fortinet FortiSwitch is a security switching platform specially designed for Ethernet infrastructure and current network edge configuration from Fortinet. Security flaws exist in several Fortinet products. The following products are affected when in FortiLink managed mode and when upgrading to version 3.4.1: Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW- 248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D- FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, FSW-R-112D-POE module

Trust: 1.98

sources: NVD: CVE-2016-4573 // JVNDB: JVNDB-2016-004583 // BID: 92450 // VULHUB: VHN-93392

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiswitchscope:eqversion:3.4.1

Trust: 2.7

vendor:fortinetmodel:fsw-1024dscope: - version: -

Trust: 0.8

vendor:fortinetmodel:fsw-1048dscope: - version: -

Trust: 0.8

vendor:fortinetmodel:fsw-108d-poescope: - version: -

Trust: 0.8

vendor:fortinetmodel:fsw-124dscope: - version: -

Trust: 0.8

vendor:fortinetmodel:fsw-124d-poescope: - version: -

Trust: 0.8

vendor:fortinetmodel:fsw-224d-fpoescope: - version: -

Trust: 0.8

vendor:fortinetmodel:fsw-224d-poescope: - version: -

Trust: 0.8

vendor:fortinetmodel:fsw-248d-fpoescope: - version: -

Trust: 0.8

vendor:fortinetmodel:fsw-248d-poescope: - version: -

Trust: 0.8

vendor:fortinetmodel:fsw-3032dscope: - version: -

Trust: 0.8

vendor:fortinetmodel:fsw-424dscope: - version: -

Trust: 0.8

vendor:fortinetmodel:fsw-424d-fpoescope: - version: -

Trust: 0.8

vendor:fortinetmodel:fsw-424d-poescope: - version: -

Trust: 0.8

vendor:fortinetmodel:fsw-448dscope: - version: -

Trust: 0.8

vendor:fortinetmodel:fsw-448d-fpoescope: - version: -

Trust: 0.8

vendor:fortinetmodel:fsw-448d-poescope: - version: -

Trust: 0.8

vendor:fortinetmodel:fsw-524dscope: - version: -

Trust: 0.8

vendor:fortinetmodel:fsw-524d-fpoescope: - version: -

Trust: 0.8

vendor:fortinetmodel:fsw-548dscope: - version: -

Trust: 0.8

vendor:fortinetmodel:fsw-548d-fpoescope: - version: -

Trust: 0.8

vendor:fortinetmodel:fsw-r-112d-poescope: - version: -

Trust: 0.8

vendor:fortinetmodel:fortiswitchscope:neversion:3.4.2

Trust: 0.3

sources: BID: 92450 // JVNDB: JVNDB-2016-004583 // CNNVD: CNNVD-201607-173 // NVD: CVE-2016-4573

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4573
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-4573
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201607-173
value: CRITICAL

Trust: 0.6

VULHUB: VHN-93392
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-4573
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-93392
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4573
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-93392 // JVNDB: JVNDB-2016-004583 // CNNVD: CNNVD-201607-173 // NVD: CVE-2016-4573

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-93392 // JVNDB: JVNDB-2016-004583 // NVD: CVE-2016-4573

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-173

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201607-173

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004583

PATCH

title:FortiSwitch rest_admin account exposed under specific conditionsurl:http://fortiguard.com/advisory/fortiswitch-rest-admin-account-exposed-under-specific-conditions

Trust: 0.8

title:Fortinet FortiSwitch Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62761

Trust: 0.6

sources: JVNDB: JVNDB-2016-004583 // CNNVD: CNNVD-201607-173

EXTERNAL IDS

db:NVDid:CVE-2016-4573

Trust: 2.8

db:BIDid:92450

Trust: 1.4

db:JVNDBid:JVNDB-2016-004583

Trust: 0.8

db:CNNVDid:CNNVD-201607-173

Trust: 0.7

db:VULHUBid:VHN-93392

Trust: 0.1

sources: VULHUB: VHN-93392 // BID: 92450 // JVNDB: JVNDB-2016-004583 // CNNVD: CNNVD-201607-173 // NVD: CVE-2016-4573

REFERENCES

url:http://fortiguard.com/advisory/fortiswitch-rest-admin-account-exposed-under-specific-conditions

Trust: 2.0

url:https://www.themissinglink.com.au/security/advisories/cve-2016-4573

Trust: 2.0

url:http://www.securityfocus.com/bid/92450

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4573

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4573

Trust: 0.8

url:http://www.fortinet.com/

Trust: 0.3

sources: VULHUB: VHN-93392 // BID: 92450 // JVNDB: JVNDB-2016-004583 // CNNVD: CNNVD-201607-173 // NVD: CVE-2016-4573

CREDITS

Emma Ferguson of The Missing Link Security

Trust: 0.6

sources: CNNVD: CNNVD-201607-173

SOURCES

db:VULHUBid:VHN-93392
db:BIDid:92450
db:JVNDBid:JVNDB-2016-004583
db:CNNVDid:CNNVD-201607-173
db:NVDid:CVE-2016-4573

LAST UPDATE DATE

2024-08-14T14:06:04.318000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-93392date:2016-11-28T00:00:00
db:BIDid:92450date:2016-08-11T00:00:00
db:JVNDBid:JVNDB-2016-004583date:2016-09-12T00:00:00
db:CNNVDid:CNNVD-201607-173date:2016-10-26T00:00:00
db:NVDid:CVE-2016-4573date:2016-11-28T20:19:01.010

SOURCES RELEASE DATE

db:VULHUBid:VHN-93392date:2016-09-09T00:00:00
db:BIDid:92450date:2016-08-11T00:00:00
db:JVNDBid:JVNDB-2016-004583date:2016-09-12T00:00:00
db:CNNVDid:CNNVD-201607-173date:2016-07-12T00:00:00
db:NVDid:CVE-2016-4573date:2016-09-09T14:05:07.393