Fortinet FortiOS 5.2.x < 5.2.10 / 5.4.1 < 5.4.2 Local Password Hash Disclosure (FG-IR-16-050)

Low Nessus Plugin ID 97066

Synopsis

The remote host is affected by a local information disclosure vulnerability.

Description

The remote FortiGate device is running a version of FortiOS that is 5.2.x prior to 5.2.10, or else it is running version 5.4.1. It is, therefore, affected by a local information disclosure vulnerability due to a failure to properly protect password hashes stored on the device. A local attacker can exploit this to obtain password hashes of other users on the device, allowing the attacker to possibly obtain user passwords, including the passwords of super-admin users.

Solution

Upgrade to Fortinet FortiOS 5.2.10 / 5.4.2 or later.

See Also

http://fortiguard.com/advisory/FG-IR-16-050

https://labs.mwrinfosecurity.com/advisories/fortigate-hash/

https://tools.cisco.com/security/center/viewAlert.x?alertId=50993

Plugin Details

Severity: Low

ID: 97066

File Name: fortios_FG-IR-16-050.nasl

Version: 1.4

Type: local

Family: Firewalls

Published: 2017/02/08

Modified: 2018/07/12

Dependencies: 73522

Risk Information

Risk Factor: Low

CVSSv2

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 2.3

Temporal Score: 2

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:fortinet:fortios

Required KB Items: Host/Fortigate/model, Host/Fortigate/version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/12/02

Vulnerability Publication Date: 2016/12/02

Reference Information

CVE: CVE-2016-7542

BID: 94690