CVE-2016-7560

CWE-798 — Hard-coded Credentials4 documents4 sources

Severity

9.8CRITICAL

EPSS

2.6%

top 14.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiwlc

Timeline

PublishedOct 5

Latest updateMay 17

Description

The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDfortinet/fortiwlc6.1-2-29+5

🔴Vulnerability Details

GHSA

GHSA-9rp6-892m-5v7j: The rsyncd server in Fortinet FortiWLC 6↗2022-05-17

▶

CVEList

CVE-2016-7560: The rsyncd server in Fortinet FortiWLC 6↗2016-10-05

▶

OSV

samba vulnerabilities↗2016-03-08

▶