Overview
- Description
- The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.
- Source
- psirt@fortinet.com
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 9.4
- Impact score
- 9.2
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:N
Weaknesses
- nvd@nist.gov
- CWE-798
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fortinet:fortiwlc:7.0-9-1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A842B7E0-7B16-4872-B18E-C05F30CD72CB"
},
{
"criteria": "cpe:2.3:h:fortinet:fortiwlc:7.0-10-0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7EBCE7F9-9DA6-40BD-9266-FCF0846B6280"
},
{
"criteria": "cpe:2.3:h:fortinet:fortiwlc:8.1-2-0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "41B97F50-3CE8-48F8-B24A-4AA79C255C8F"
},
{
"criteria": "cpe:2.3:h:fortinet:fortiwlc:8.1-3-2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4E60189C-EE4B-4910-BD58-35AB93482F0F"
},
{
"criteria": "cpe:2.3:h:fortinet:fortiwlc:8.2-4-0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA834964-1568-48B9-9828-32C6109597B1"
}
],
"operator": "OR"
}
]
}
]