CVE Vulnerabilities

CVE-2016-1909

Published: Jan 15, 2016 | Modified: Nov 21, 2024
CVSS 3.x: 9.8 CRITICAL (Source: NVD)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: 10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C

Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Fortios | Fortinet | * | 4.3.16 (including) |
| Fortios | Fortinet | 5.0 (including) | 5.0 (including) |
| Fortios | Fortinet | 5.0.0 (including) | 5.0.0 (including) |
| Fortios | Fortinet | 5.0.1 (including) | 5.0.1 (including) |
| Fortios | Fortinet | 5.0.2 (including) | 5.0.2 (including) |
| Fortios | Fortinet | 5.0.3 (including) | 5.0.3 (including) |
| Fortios | Fortinet | 5.0.4 (including) | 5.0.4 (including) |
| Fortios | Fortinet | 5.0.5 (including) | 5.0.5 (including) |
| Fortios | Fortinet | 5.0.6 (including) | 5.0.6 (including) |
| Fortios | Fortinet | 5.0.7 (including) | 5.0.7 (including) |

References