Monday, 24 July 2017

Posted at 01:21 by admin
A vulnerability was found in Fortinet FortiWLM up to 8.3.0 and has been rated as critical. It affects an unknown function of the Upgrade Account component. Manipulation with an unknown input leads to a weak authentication vulnerability (default credentials), classified as CWE-798. Confidentiality, integrity, and availability are impacted.

The weakness was disclosed on 07/22/2017. The advisory is available for download at fortiguard.com. The vulnerability has been identified as CVE-2017-7336 since 03/30/2017. The attack may be initiated remotely, and no form of authentication is needed for successful exploitation. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $0-$5k at the moment.

No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.

CVSSv3

VulDB Base Score: 7.3
VulDB Temp Score: 7.3
VulDB Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X
VulDB Reliability: High

CVSSv2

Vector   | Complexity | Authentication | Confidentiality | Integrity | Availability
Local    | High       | Multiple       | None            | None      | None
Adjacent | Medium     | Single         | Partial         | Partial   | Partial
Network  | Low        | None           | Complete        | Complete  | Complete

VulDB Base Score: 6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
VulDB Temp Score: 6.8 (CVSS2#E:ND/RL:ND/RC:ND)
VulDB Reliability: High


CPE
  • cpe:/a:fortinet:fortiwlm:8.3.0

Exploiting

Class: Weak authentication / Default Credentials (CWE-798)
Local: No
Remote: Yes

Availability: No

Price Prediction: steady
Current Price Estimation

0-Day | $0-$5k | $5k-$25k | $25k-$100k | $100k-$500k
Today | $0-$5k | $5k-$25k | $25k-$100k | $100k-$500k

Countermeasures


Recommended: no mitigation known
0-Day Time: 0 days since found

Timeline

03/30/2017  CVE assigned
07/22/2017  +114 days  Advisory disclosed
07/23/2017  +1 days  VulDB entry created
07/23/2017  +0 days  VulDB last update
