Details of VAR-201609-0330

ID

VAR-201609-0330

CVE

CVE-2016-4573

TITLE

plural Fortinet FortiSwitch FSW Vulnerabilities that bypass authentication in the model

Trust: 0.8

sources: JVNDB: JVNDB-2016-004583

DESCRIPTION

Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models, when in FortiLink managed mode and upgraded to 3.4.1, might allow remote attackers to bypass authentication and gain administrative access via an empty password for the rest_admin account. Fortinet FortiSwitch are prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. This issue is fixed in: FortiSwitch 3.4.2. Fortinet FortiSwitch is a security switching platform specially designed for Ethernet infrastructure and current network edge configuration from Fortinet. Security flaws exist in several Fortinet products. The following products are affected when in FortiLink managed mode and when upgrading to version 3.4.1: Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW- 248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D- FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, FSW-R-112D-POE module

Trust: 1.98

sources: NVD: CVE-2016-4573 // JVNDB: JVNDB-2016-004583 // BID: 92450 // VULHUB: VHN-93392

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiswitch	scope:	eq	version:	3.4.1	Trust: 2.7
vendor:	fortinet	model:	fsw-1024d	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fsw-1048d	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fsw-108d-poe	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fsw-124d	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fsw-124d-poe	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fsw-224d-fpoe	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fsw-224d-poe	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fsw-248d-fpoe	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fsw-248d-poe	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fsw-3032d	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fsw-424d	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fsw-424d-fpoe	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fsw-424d-poe	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fsw-448d	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fsw-448d-fpoe	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fsw-448d-poe	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fsw-524d	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fsw-524d-fpoe	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fsw-548d	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fsw-548d-fpoe	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fsw-r-112d-poe	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortiswitch	scope:	ne	version:	3.4.2	Trust: 0.3

sources: BID: 92450 // JVNDB: JVNDB-2016-004583 // CNNVD: CNNVD-201607-173 // NVD: CVE-2016-4573

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-4573
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-4573
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201607-173
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-93392
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-4573
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-93392
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-4573
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-93392 // JVNDB: JVNDB-2016-004583 // CNNVD: CNNVD-201607-173 // NVD: CVE-2016-4573

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-93392 // JVNDB: JVNDB-2016-004583 // NVD: CVE-2016-4573

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-173

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201607-173

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004583

PATCH

title:	FortiSwitch rest_admin account exposed under specific conditions	url:	http://fortiguard.com/advisory/fortiswitch-rest-admin-account-exposed-under-specific-conditions	Trust: 0.8
title:	Fortinet FortiSwitch Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62761	Trust: 0.6

sources: JVNDB: JVNDB-2016-004583 // CNNVD: CNNVD-201607-173

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4573	Trust: 2.8
db:	BID	id:	92450	Trust: 1.4
db:	JVNDB	id:	JVNDB-2016-004583	Trust: 0.8
db:	CNNVD	id:	CNNVD-201607-173	Trust: 0.7
db:	VULHUB	id:	VHN-93392	Trust: 0.1

sources: VULHUB: VHN-93392 // BID: 92450 // JVNDB: JVNDB-2016-004583 // CNNVD: CNNVD-201607-173 // NVD: CVE-2016-4573

REFERENCES

url:	http://fortiguard.com/advisory/fortiswitch-rest-admin-account-exposed-under-specific-conditions	Trust: 2.0
url:	https://www.themissinglink.com.au/security/advisories/cve-2016-4573	Trust: 2.0
url:	http://www.securityfocus.com/bid/92450	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4573	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4573	Trust: 0.8
url:	http://www.fortinet.com/	Trust: 0.3

sources: VULHUB: VHN-93392 // BID: 92450 // JVNDB: JVNDB-2016-004583 // CNNVD: CNNVD-201607-173 // NVD: CVE-2016-4573

CREDITS

Emma Ferguson of The Missing Link Security

Trust: 0.6

sources: CNNVD: CNNVD-201607-173

SOURCES

db:	VULHUB	id:	VHN-93392
db:	BID	id:	92450
db:	JVNDB	id:	JVNDB-2016-004583
db:	CNNVD	id:	CNNVD-201607-173
db:	NVD	id:	CVE-2016-4573

LAST UPDATE DATE

2024-08-14T14:06:04.318000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-93392	date:	2016-11-28T00:00:00
db:	BID	id:	92450	date:	2016-08-11T00:00:00
db:	JVNDB	id:	JVNDB-2016-004583	date:	2016-09-12T00:00:00
db:	CNNVD	id:	CNNVD-201607-173	date:	2016-10-26T00:00:00
db:	NVD	id:	CVE-2016-4573	date:	2016-11-28T20:19:01.010

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-93392	date:	2016-09-09T00:00:00
db:	BID	id:	92450	date:	2016-08-11T00:00:00
db:	JVNDB	id:	JVNDB-2016-004583	date:	2016-09-12T00:00:00
db:	CNNVD	id:	CNNVD-201607-173	date:	2016-07-12T00:00:00
db:	NVD	id:	CVE-2016-4573	date:	2016-09-09T14:05:07.393