CVE-2017-17539

CWE-798Hard-coded Credentials4 documents4 sources
Severity
9.8CRITICAL
EPSS
0.4%
top 39.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortiwlcFortinet, Inc. Fortiwlc
Timeline
PublishedMay 8
Latest updateMay 14

Description

The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortiwlc7.07.0.11+1
CVEListV5fortinet,_inc./fortiwlc7.0.11 and earlier

🔴Vulnerability Details

2
GHSA
GHSA-fwcv-cv48-wpq2: The presence of a hardcoded account in Fortinet FortiWLC 72022-05-14
CVEList
CVE-2017-17539: The presence of a hardcoded account in Fortinet FortiWLC 72018-05-07

📋Vendor Advisories

1
Fortinet
The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/w...2018-05-08
CVE-2017-17539 (CRITICAL CVSS 9.8) | The presence of a hardcoded account | cvebase.io