CVE-2016-7542 — Sensitive Information Exposure in Fortinet Fortios

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

4.9MEDIUMNVD

EPSS

0.3%

top 45.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios

Timeline

PublishedMar 30

Latest updateMay 17

Description

A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5fortinet/fortios5.2.0 - 5.2.9, 5.4.1

▶NVDfortinet/fortios12 versions+11

🔴Vulnerability Details

GHSA

GHSA-67xj-hc36-xj6h: A read-only administrator on Fortinet devices with FortiOS 5↗2022-05-17

▶

CVEList

CVE-2016-7542: A read-only administrator on Fortinet devices with FortiOS 5↗2017-03-30

▶

📋Vendor Advisories

Fortinet

A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have acc...↗2017-03-30

▶