CVE-2017-17540

CWE-798Hard-coded Credentials4 documents4 sources
Severity
9.8CRITICAL
EPSS
0.4%
top 39.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortiwlcFortinet, Inc. Fortiwlc
Timeline
PublishedMay 8
Latest updateMay 14

Description

The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortiwlc7.07.0.11+1
CVEListV5fortinet,_inc./fortiwlc8.3.3

🔴Vulnerability Details

2
GHSA
GHSA-7jmh-hg7g-g34f: The presence of a hardcoded account in Fortinet FortiWLC 82022-05-14
CVEList
CVE-2017-17540: The presence of a hardcoded account in Fortinet FortiWLC 82018-05-07

📋Vendor Advisories

1
Fortinet
The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/w...2018-05-08
CVE-2017-17540 (CRITICAL CVSS 9.8) | The presence of a hardcoded account | cvebase.io