Detections
Analytics

Fortinet FortiOS User Interface Default Credentials

critical Nessus Plugin ID 73532

Language:

Synopsis

The remote web service is protected using a default set of known credentials.

Description

The remote Fortinet FortiOS user interface uses a known set of default credentials. Knowing these, an attacker with access to the service can gain administrative access to the device.

Solution

Change the default admin login credentials.

See Also

http://www.nessus.org/u?bd132450

Plugin Details

Severity: Critical

ID: 73532

File Name: fortios_default_creds.nasl

Version: 1.6

Type: remote

Family: CGI abuses

Published: 4/15/2014

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:fortinet:fortios

Required KB Items: www/fortios_ui

Excluded KB Items: global_settings/supplied_logins_only