CRITICAL · 9.8

CVE-2016-4573

Vulnerability Description

Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models, when in FortiLink managed mode and upgraded to 3.4.1, might allow remote attackers to bypass authentication and gain administrative access via an empty password for the rest_admin account.

CVSS Score

9.8 (CRITICAL)

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

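| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortiswitch | 3.4.1 |
| Fortinet | Fsw-1024D | - |
| Fortinet | Fsw-1048D | - |
| Fortinet | Fsw-108D-Poe | - |
| Fortinet | Fsw-124D | - |
| Fortinet | Fsw-124D-Poe | - |
| Fortinet | Fsw-224D-Fpoe | - |
| Fortinet | Fsw-224D-Poe | - |
| Fortinet | Fsw-248D-Fpoe | - |
| Fortinet | Fsw-248D-Poe | - |
| Fortinet | Fsw-3032D | - |
| Fortinet | Fsw-424D | - |
| Fortinet | Fsw-424D-Fpoe | - |
| Fortinet | Fsw-424D-Poe | - |
| Fortinet | Fsw-448D | - |
| Fortinet | Fsw-448D-Fpoe | - |
| Fortinet | Fsw-448D-Poe | - |
| Fortinet | Fsw-524D | - |
| Fortinet | Fsw-524D-Fpoe | - |
| Fortinet | Fsw-548D | - |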

Related Weaknesses (CWE)

References

FAQ

What is CVE-2016-4573?

CVE-2016-4573 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-5...

How severe is CVE-2016-4573?

CVE-2016-4573 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-4573?

Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortiswitch, Fortinet Fsw-1024D, Fortinet Fsw-1048D, Fortinet Fsw-108D-Poe, Fortinet Fsw-124D.