ID

VAR-201703-0263


CVE

CVE-2016-7542


TITLE

FortiOS Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2016-008202

DESCRIPTION

A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to the password hashes of read-write administrators (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them. FortiOS contains an information disclosure vulnerability. Information may be obtained. Fortinet FortiOS is prone to a local information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Fortinet FortiOS 5.2.0 through 5.2.9 and 5.4.1 are vulnerable. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. A security vulnerability exists in Fortinet FortiOS 5.2.x prior to 5.2.10 GA and 5.4.x prior to 5.4.2 GA. An attacker could exploit this vulnerability to obtain the password hashes of read-write administrators, and possibly crack the passwords.

Trust: 1.98

sources: NVD: CVE-2016-7542 // JVNDB: JVNDB-2016-008202 // BID: 94690 // VULHUB: VHN-96362

AFFECTED PRODUCTS

vendor: fortinet, model: fortios, scope: eq, version: 5.4.1

Trust: 1.9

vendor: fortinet, model: fortios, scope: eq, version: 5.2.6

Trust: 1.9

vendor: fortinet, model: fortios, scope: eq, version: 5.2.5

Trust: 1.9

vendor: fortinet, model: fortios, scope: eq, version: 5.2.4

Trust: 1.9

vendor: fortinet, model: fortios, scope: eq, version: 5.2.3

Trust: 1.9

vendor: fortinet, model: fortios, scope: eq, version: 5.2.2

Trust: 1.9

vendor: fortinet, model: fortios, scope: eq, version: 5.2.1

Trust: 1.9

vendor: fortinet, model: fortios, scope: eq, version: 5.2.0

Trust: 1.9

vendor: fortinet, model: fortios, scope: eq, version: 5.2.7

Trust: 1.6

vendor: fortinet, model: fortios, scope: eq, version: 5.4.0

Trust: 1.6

vendor: fortinet, model: fortios, scope: eq, version: 5.2.9

Trust: 1.3

vendor: fortinet, model: fortios, scope: eq, version: 5.2.8

Trust: 1.0

vendor: fortinet, model: fortios, scope: eq, version: 5.4.2 ga

Trust: 0.8

vendor: fortinet, model: fortios, scope: lt, version: 5.4.x

Trust: 0.8

vendor: fortinet, model: fortios, scope: eq, version: 5.2.10 ga

Trust: 0.8

vendor: fortinet, model: fortios, scope: lt, version: 5.2.x

Trust: 0.8

vendor: fortinet, model: fortios, scope: ne, version: 5.4.2

Trust: 0.3

vendor: fortinet, model: fortios, scope: ne, version: 5.2.10

Trust: 0.3

sources: BID: 94690 // JVNDB: JVNDB-2016-008202 // CNNVD: CNNVD-201612-096 // NVD: CVE-2016-7542

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-7542
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-7542
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201612-096
value: MEDIUM

Trust: 0.6

VULHUB: VHN-96362
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-7542
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-96362
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-7542
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-96362 // JVNDB: JVNDB-2016-008202 // CNNVD: CNNVD-201612-096 // NVD: CVE-2016-7542

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-96362 // JVNDB: JVNDB-2016-008202 // NVD: CVE-2016-7542

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-096

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201612-096

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008202

PATCH

title: FortiOS Local Admin Password Hash Leak Vulnerability, url: https://www.fortiguard.com/psirt/FG-IR-16-050

Trust: 0.8

title: Fortinet FortiOS Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66146

Trust: 0.6

sources: JVNDB: JVNDB-2016-008202 // CNNVD: CNNVD-201612-096

EXTERNAL IDS

db: NVD, id: CVE-2016-7542

Trust: 2.8

db: BID, id: 94690

Trust: 2.0

db: SECTRACK, id: 1037394

Trust: 1.1

db: JVNDB, id: JVNDB-2016-008202

Trust: 0.8

db: CNNVD, id: CNNVD-201612-096

Trust: 0.7

db: VULHUB, id: VHN-96362

Trust: 0.1

sources: VULHUB: VHN-96362 // BID: 94690 // JVNDB: JVNDB-2016-008202 // CNNVD: CNNVD-201612-096 // NVD: CVE-2016-7542

REFERENCES

url: http://fortiguard.com/advisory/fg-ir-16-050

Trust: 2.0

url: http://www.securityfocus.com/bid/94690

Trust: 1.7

url: http://www.securitytracker.com/id/1037394

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7542

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2016-7542

Trust: 0.8

url: http://www.fortinet.com/

Trust: 0.3

sources: VULHUB: VHN-96362 // BID: 94690 // JVNDB: JVNDB-2016-008202 // CNNVD: CNNVD-201612-096 // NVD: CVE-2016-7542

CREDITS

Bryan Schmidt.

Trust: 0.9

sources: BID: 94690 // CNNVD: CNNVD-201612-096

SOURCES

db: VULHUB, id: VHN-96362
db: BID, id: 94690
db: JVNDB, id: JVNDB-2016-008202
db: CNNVD, id: CNNVD-201612-096
db: NVD, id: CVE-2016-7542

LAST UPDATE DATE

2024-08-14T14:13:34.225000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-96362, date: 2017-07-28T00:00:00
db: BID, id: 94690, date: 2016-12-20T01:08:00
db: JVNDB, id: JVNDB-2016-008202, date: 2017-04-28T00:00:00
db: CNNVD, id: CNNVD-201612-096, date: 2017-03-31T00:00:00
db: NVD, id: CVE-2016-7542, date: 2017-07-28T01:29:06.500

SOURCES RELEASE DATE

db: VULHUB, id: VHN-96362, date: 2017-03-30T00:00:00
db: BID, id: 94690, date: 2016-12-02T00:00:00
db: JVNDB, id: JVNDB-2016-008202, date: 2017-04-28T00:00:00
db: CNNVD, id: CNNVD-201612-096, date: 2016-12-08T00:00:00
db: NVD, id: CVE-2016-7542, date: 2017-03-30T14:59:00.197