Описание
A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and FortiAP-U) as root using the default hard-coded username and password.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 8.4.0 (включая) до 8.5.3 (исключая)
Одно из
cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiwlc:8.2.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiwlc:8.2.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiwlc:8.3.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiwlc:8.3.3:*:*:*:*:*:*:*
EPSS
Процентиль: 6%
0.00025
Низкий
6.7 Medium
CVSS3
Дефекты
CWE-284
CWE-798
Связанные уязвимости
CVSS3: 6.7
github
11 месяцев назад
A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and FortiAP-U) as root using the default hard-coded username and password.
EPSS
Процентиль: 6%
0.00025
Низкий
6.7 Medium
CVSS3
Дефекты
CWE-284
CWE-798