CVE-2017-7336

CWE-798Hard-coded Credentials4 documents4 sources
Severity
9.8CRITICAL
EPSS
0.9%
top 23.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortiwlmFortinet, Inc. Fortinet Fortiwlm
Timeline
PublishedJul 22
Latest updateMay 17

Description

A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5fortinet,_inc./fortinet_fortiwlm8.3.0 and lower

🔴Vulnerability Details

2
GHSA
GHSA-rj7f-vhqh-f6h9: A hard-coded account named 'upgrade' in Fortinet FortiWLM 82022-05-17
CVEList
CVE-2017-7336: A hard-coded account named 'upgrade' in Fortinet FortiWLM 82017-07-22

📋Vendor Advisories

1
Fortinet
A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in an...2017-07-22
CVE-2017-7336 (CRITICAL CVSS 9.8) | A hard-coded account named 'upgrade | cvebase.io