Vulnerabilites related to fortinet - fsw-3032d
Vulnerability from fkie_nvd
Published
2016-09-09 14:05
Modified
2024-11-21 02:52
Severity ?
Summary
Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models, when in FortiLink managed mode and upgraded to 3.4.1, might allow remote attackers to bypass authentication and gain administrative access via an empty password for the rest_admin account.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortiswitch | 3.4.1 | |
| fortinet | fsw-1024d | - | |
| fortinet | fsw-1048d | - | |
| fortinet | fsw-108d-poe | - | |
| fortinet | fsw-124d | - | |
| fortinet | fsw-124d-poe | - | |
| fortinet | fsw-224d-fpoe | - | |
| fortinet | fsw-224d-poe | - | |
| fortinet | fsw-248d-fpoe | - | |
| fortinet | fsw-248d-poe | - | |
| fortinet | fsw-3032d | - | |
| fortinet | fsw-424d | - | |
| fortinet | fsw-424d-fpoe | - | |
| fortinet | fsw-424d-poe | - | |
| fortinet | fsw-448d | - | |
| fortinet | fsw-448d-fpoe | - | |
| fortinet | fsw-448d-poe | - | |
| fortinet | fsw-524d | - | |
| fortinet | fsw-524d-fpoe | - | |
| fortinet | fsw-548d | - | |
| fortinet | fsw-548d-fpoe | - | |
| fortinet | fsw-r-112d-poe | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortiswitch:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9966FEF-006C-4B53-BD23-C1A2E198120A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fortinet:fsw-1024d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37255733-926F-4B16-B666-B82F14954EF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fsw-1048d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06E922FF-814D-4628-9614-CAA3DC5E0EFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fsw-108d-poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2CC3BB-1CB3-4BFF-B17D-E6F39C72A4B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fsw-124d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7644062C-9184-4571-BB79-3F7EB1268B0B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fsw-124d-poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC18CF8-E681-42BE-8A23-B4F5BCF0FEFF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fsw-224d-fpoe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21DD69F1-148C-469D-A770-CEB455651199",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fsw-224d-poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F11EBD57-7461-4297-B079-70C284D4B671",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fsw-248d-fpoe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "402DA9E5-67A9-48BB-9048-F5E54A3F6A68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fsw-248d-poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DCE8FEF-0D56-480E-83B6-6A605AAC0C4E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fsw-3032d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61D5E8F0-F666-4986-91EA-2FBF0A56B681",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fsw-424d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7004E68-27DF-4566-B24E-0EEE37ECCBF2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fsw-424d-fpoe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "981DB20F-BA49-44ED-A45F-87E14F90106D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fsw-424d-poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7712747-805F-4F72-B2F2-454259D230BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fsw-448d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D373416-87A4-4998-B769-07DEC2B6820D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fsw-448d-fpoe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D686D62-83DC-40B3-BDB7-15A726EC45D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fsw-448d-poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16490D85-9C20-403F-B6CC-655F0983AF0D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fsw-524d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90904E99-90CB-4FA1-AEB7-8F5D00887A6F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fsw-524d-fpoe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5470897-F8F3-4ABC-8D0E-57A26556BF5B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fsw-548d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B29340F-6275-4CC8-B796-281175094A56",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fsw-548d-fpoe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB8C7383-28EA-4544-88D6-49E70A2B71A9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fsw-r-112d-poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C1D7F5A-8576-4E0D-9B4C-F3FDA74375B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models, when in FortiLink managed mode and upgraded to 3.4.1, might allow remote attackers to bypass authentication and gain administrative access via an empty password for the rest_admin account."
},
{
"lang": "es",
"value": "Modelos Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D y FSW-R-112D-POE, cuando se encuentran en un modo FortiLink administrado y actualizado a la versi\u00f3n 3.4.1, podr\u00edan permitir a atacantes remotos eludir autenticaci\u00f3n y obtener acceso administrativo a trav\u00e9s de una contrase\u00f1a vac\u00eda para la cuenta rest_admin."
}
],
"id": "CVE-2016-4573",
"lastModified": "2024-11-21T02:52:31.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-09T14:05:07.393",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://fortiguard.com/advisory/fortiswitch-rest-admin-account-exposed-under-specific-conditions"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/92450"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security/advisories/cve-2016-4573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://fortiguard.com/advisory/fortiswitch-rest-admin-account-exposed-under-specific-conditions"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.themissinglink.com.au/security/advisories/cve-2016-4573"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2016-4573
Vulnerability from cvelistv5
Published
2016-09-09 14:00
Modified
2024-08-06 00:32
Severity ?
EPSS score ?
Summary
Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models, when in FortiLink managed mode and upgraded to 3.4.1, might allow remote attackers to bypass authentication and gain administrative access via an empty password for the rest_admin account.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/92450 | vdb-entry, x_refsource_BID | |
| http://fortiguard.com/advisory/fortiswitch-rest-admin-account-exposed-under-specific-conditions | x_refsource_CONFIRM | |
| https://www.themissinglink.com.au/security/advisories/cve-2016-4573 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92450",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92450"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fortiguard.com/advisory/fortiswitch-rest-admin-account-exposed-under-specific-conditions"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.themissinglink.com.au/security/advisories/cve-2016-4573"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models, when in FortiLink managed mode and upgraded to 3.4.1, might allow remote attackers to bypass authentication and gain administrative access via an empty password for the rest_admin account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "92450",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92450"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fortiguard.com/advisory/fortiswitch-rest-admin-account-exposed-under-specific-conditions"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.themissinglink.com.au/security/advisories/cve-2016-4573"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models, when in FortiLink managed mode and upgraded to 3.4.1, might allow remote attackers to bypass authentication and gain administrative access via an empty password for the rest_admin account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92450",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92450"
},
{
"name": "http://fortiguard.com/advisory/fortiswitch-rest-admin-account-exposed-under-specific-conditions",
"refsource": "CONFIRM",
"url": "http://fortiguard.com/advisory/fortiswitch-rest-admin-account-exposed-under-specific-conditions"
},
{
"name": "https://www.themissinglink.com.au/security/advisories/cve-2016-4573",
"refsource": "MISC",
"url": "https://www.themissinglink.com.au/security/advisories/cve-2016-4573"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4573",
"datePublished": "2016-09-09T14:00:00",
"dateReserved": "2016-05-10T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201609-0330
Vulnerability from variot
Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models, when in FortiLink managed mode and upgraded to 3.4.1, might allow remote attackers to bypass authentication and gain administrative access via an empty password for the rest_admin account. Fortinet FortiSwitch are prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. This issue is fixed in: FortiSwitch 3.4.2. Fortinet FortiSwitch is a security switching platform specially designed for Ethernet infrastructure and current network edge configuration from Fortinet. Security flaws exist in several Fortinet products. The following products are affected when in FortiLink managed mode and when upgrading to version 3.4.1: Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW- 248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D- FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, FSW-R-112D-POE module
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0330",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortiswitch",
"scope": "eq",
"trust": 2.7,
"vendor": "fortinet",
"version": "3.4.1"
},
{
"model": "fsw-1024d",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fsw-1048d",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fsw-108d-poe",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fsw-124d",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fsw-124d-poe",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fsw-224d-fpoe",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fsw-224d-poe",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fsw-248d-fpoe",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fsw-248d-poe",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fsw-3032d",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fsw-424d",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fsw-424d-fpoe",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fsw-424d-poe",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fsw-448d",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fsw-448d-fpoe",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fsw-448d-poe",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fsw-524d",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fsw-524d-fpoe",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fsw-548d",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fsw-548d-fpoe",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fsw-r-112d-poe",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fortiswitch",
"scope": "ne",
"trust": 0.3,
"vendor": "fortinet",
"version": "3.4.2"
}
],
"sources": [
{
"db": "BID",
"id": "92450"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004583"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-173"
},
{
"db": "NVD",
"id": "CVE-2016-4573"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:fortinet:fortiswitch",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fortinet:fsw-1024d",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fortinet:fsw-1048d",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fortinet:fsw-108d-poe",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fortinet:fsw-124d",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fortinet:fsw-124d-poe",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fortinet:fsw-224d-fpoe",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fortinet:fsw-224d-poe",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fortinet:fsw-248d-fpoe",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fortinet:fsw-248d-poe",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fortinet:fsw-3032d",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fortinet:fsw-424d",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fortinet:fsw-424d-fpoe",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fortinet:fsw-424d-poe",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fortinet:fsw-448d",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fortinet:fsw-448d-fpoe",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fortinet:fsw-448d-poe",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fortinet:fsw-524d",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fortinet:fsw-524d-fpoe",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fortinet:fsw-548d",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fortinet:fsw-548d-fpoe",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fortinet:fsw-r-112d-poe",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004583"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emma Ferguson of The Missing Link Security",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-173"
}
],
"trust": 0.6
},
"cve": "CVE-2016-4573",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-4573",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-93392",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-4573",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4573",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-4573",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-173",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-93392",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93392"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004583"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-173"
},
{
"db": "NVD",
"id": "CVE-2016-4573"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models, when in FortiLink managed mode and upgraded to 3.4.1, might allow remote attackers to bypass authentication and gain administrative access via an empty password for the rest_admin account. Fortinet FortiSwitch are prone to a security-bypass vulnerability. \nAttackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. \nThis issue is fixed in:\nFortiSwitch 3.4.2. Fortinet FortiSwitch is a security switching platform specially designed for Ethernet infrastructure and current network edge configuration from Fortinet. Security flaws exist in several Fortinet products. The following products are affected when in FortiLink managed mode and when upgrading to version 3.4.1: Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW- 248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D- FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, FSW-R-112D-POE module",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4573"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004583"
},
{
"db": "BID",
"id": "92450"
},
{
"db": "VULHUB",
"id": "VHN-93392"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4573",
"trust": 2.8
},
{
"db": "BID",
"id": "92450",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004583",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-173",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-93392",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93392"
},
{
"db": "BID",
"id": "92450"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004583"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-173"
},
{
"db": "NVD",
"id": "CVE-2016-4573"
}
]
},
"id": "VAR-201609-0330",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-93392"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:54:28.006000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FortiSwitch rest_admin account exposed under specific conditions",
"trust": 0.8,
"url": "http://fortiguard.com/advisory/fortiswitch-rest-admin-account-exposed-under-specific-conditions"
},
{
"title": "Fortinet FortiSwitch Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62761"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004583"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-173"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93392"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004583"
},
{
"db": "NVD",
"id": "CVE-2016-4573"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://fortiguard.com/advisory/fortiswitch-rest-admin-account-exposed-under-specific-conditions"
},
{
"trust": 2.0,
"url": "https://www.themissinglink.com.au/security/advisories/cve-2016-4573"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/92450"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4573"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4573"
},
{
"trust": 0.3,
"url": "http://www.fortinet.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93392"
},
{
"db": "BID",
"id": "92450"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004583"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-173"
},
{
"db": "NVD",
"id": "CVE-2016-4573"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-93392"
},
{
"db": "BID",
"id": "92450"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004583"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-173"
},
{
"db": "NVD",
"id": "CVE-2016-4573"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-09T00:00:00",
"db": "VULHUB",
"id": "VHN-93392"
},
{
"date": "2016-08-11T00:00:00",
"db": "BID",
"id": "92450"
},
{
"date": "2016-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004583"
},
{
"date": "2016-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-173"
},
{
"date": "2016-09-09T14:05:07.393000",
"db": "NVD",
"id": "CVE-2016-4573"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-93392"
},
{
"date": "2016-08-11T00:00:00",
"db": "BID",
"id": "92450"
},
{
"date": "2016-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004583"
},
{
"date": "2016-10-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-173"
},
{
"date": "2024-11-21T02:52:31.423000",
"db": "NVD",
"id": "CVE-2016-4573"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-173"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Fortinet FortiSwitch FSW Vulnerabilities that bypass authentication in the model",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004583"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-173"
}
],
"trust": 0.6
}
}