Sign-up

ID

VAR-201610-0366


CVE

CVE-2016-7561


TITLE

Fortinet FortiWLC Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-08623 // CNNVD: CNNVD-201610-118

DESCRIPTION

Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file. FortinetFortiWLC is a wireless controller from Fortinet. There is a security hole in FortinetFortiWLC. FortiWLC is prone to a local information-disclosure vulnerability. The following versions are affected: FortiWLC 6.1-2-29 and prior versions FortiWLC 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0

Trust: 2.52

sources: NVD: CVE-2016-7561 // JVNDB: JVNDB-2016-005174 // CNVD: CNVD-2016-08623 // BID: 93282 // VULHUB: VHN-96381

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-08623

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiwlcscope:eqversion:8.2-4-0

Trust: 3.3

vendor:fortinetmodel:fortiwlcscope:eqversion:8.1-2-0

Trust: 3.3

vendor:fortinetmodel:fortiwlcscope:eqversion:8.0-5-0

Trust: 3.3

vendor:fortinetmodel:fortiwlcscope:eqversion:7.0-9-1

Trust: 3.3

vendor:fortinetmodel:fortiwlcscope:eqversion:7.0-10-0

Trust: 3.3

vendor:fortinetmodel:fortiwlcscope:lteversion:6.1-2-29

Trust: 1.8

vendor:fortinetmodel:fortiwlcscope:eqversion:6.1-2-29

Trust: 1.5

sources: CNVD: CNVD-2016-08623 // BID: 93282 // JVNDB: JVNDB-2016-005174 // CNNVD: CNNVD-201610-118 // NVD: CVE-2016-7561

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-7561
value: HIGH

Trust: 1.0

NVD: CVE-2016-7561
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-08623
value: LOW

Trust: 0.6

CNNVD: CNNVD-201610-118
value: MEDIUM

Trust: 0.6

VULHUB: VHN-96381
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-7561
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-08623
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-96381
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-7561
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-08623 // VULHUB: VHN-96381 // JVNDB: JVNDB-2016-005174 // CNNVD: CNNVD-201610-118 // NVD: CVE-2016-7561

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-96381 // JVNDB: JVNDB-2016-005174 // NVD: CVE-2016-7561

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-118

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201610-118

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-005174

PATCH
title:FortiWLC PAM.log authenticated user information exposureurl:http://fortiguard.com/advisory/FG-IR-16-030
Trust: 0.8
title:FortinetFortiWLC Information Disclosure Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/82170
Trust: 0.6
title:Fortinet FortiWLC Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64543
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-08623 // 
            
            
            
            JVNDB: JVNDB-2016-005174 // 
            
            
            
            CNNVD: CNNVD-201610-118

EXTERNAL IDS
db:NVDid:CVE-2016-7561
Trust: 3.4
db:BIDid:93282
Trust: 2.0
db:AUSCERTid:ESB-2016.2303
Trust: 1.2
db:JVNDBid:JVNDB-2016-005174
Trust: 0.8
db:CNNVDid:CNNVD-201610-118
Trust: 0.7
db:CNVDid:CNVD-2016-08623
Trust: 0.6
db:VULHUBid:VHN-96381
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-08623 // 
            
            
            
            VULHUB: VHN-96381 // 
            
            
            
            BID: 93282 // 
            
            
            
            JVNDB: JVNDB-2016-005174 // 
            
            
            
            CNNVD: CNNVD-201610-118 // 
            
            
            
            NVD: CVE-2016-7561

REFERENCES
url:http://fortiguard.com/advisory/fg-ir-16-030
Trust: 2.0
url:http://www.auscert.org.au/./render.html?it=39190
Trust: 1.2
url:http://www.securityfocus.com/bid/93282
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7561
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7561
Trust: 0.8
url:http://www.fortinet.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-08623 // 
            
            
            
            VULHUB: VHN-96381 // 
            
            
            
            BID: 93282 // 
            
            
            
            JVNDB: JVNDB-2016-005174 // 
            
            
            
            CNNVD: CNNVD-201610-118 // 
            
            
            
            NVD: CVE-2016-7561

CREDITS
University of Toronto
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201610-118

SOURCES
db:CNVDid:CNVD-2016-08623
db:VULHUBid:VHN-96381
db:BIDid:93282
db:JVNDBid:JVNDB-2016-005174
db:CNNVDid:CNNVD-201610-118
db:NVDid:CVE-2016-7561

LAST UPDATE DATE
2024-11-23T22:42:19.903000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-08623date:2016-10-11T00:00:00
db:VULHUBid:VHN-96381date:2016-12-02T00:00:00
db:BIDid:93282date:2016-10-10T00:01:00
db:JVNDBid:JVNDB-2016-005174date:2016-10-13T00:00:00
db:CNNVDid:CNNVD-201610-118date:2016-10-11T00:00:00
db:NVDid:CVE-2016-7561date:2024-11-21T02:58:12.707

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-08623date:2016-10-11T00:00:00
db:VULHUBid:VHN-96381date:2016-10-05T00:00:00
db:BIDid:93282date:2016-09-30T00:00:00
db:JVNDBid:JVNDB-2016-005174date:2016-10-13T00:00:00
db:CNNVDid:CNNVD-201610-118date:2016-09-30T00:00:00
db:NVDid:CVE-2016-7561date:2016-10-05T16:59:08.900