===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.2303
    Multiple vulnerabilities have been identified in Fortinet FortiWLC
                              3 October 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Fortinet FortiWLC
Publisher:         Fortiguard
Operating System:  Network Appliance
Impact/Access:     Access Privileged Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-7561 CVE-2016-7560 

Original Bulletin: 
   http://fortiguard.com/advisory/FG-IR-16-029
   http://fortiguard.com/advisory/FG-IR-16-030

Comment: This bulletin contains two (2) Fortiguard security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

FortiWLC Undocumented Hardcoded Rsync Account

Info

Risk:              5 Critical
Date:              Sep 30 2016
Impact:            Unauthorized read/write remote access
CVE ID:            CVE-2016-7560
Fixed In Firmware: Patches (see Solutions for details)

FortiWLC runs an rsyncd server, historically used for High-Availability
purposes. This server comes with a hardcoded account that has read/write
privileges over various parts of the system.

Affected Products

FortiWLC 6.1-2-29 and below, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0

Solutions

Depending on your version, apply the following patches:

Below 6.1-2-29:  Update to 7.0-10-0 or above, and apply the corresponding patch.
6.1-2-29:        meru-6.1-2-29-patch-bug0388397
7.0-9-1:         meru-7.0-9-1-patch-bug0388397
7.0-10-0:        meru-7.0-10-0-patch-bug0388397
8.0-5-0:         meru-8.0-5-0-patch-bug0388397
8.1-2-0:         meru-8.1-2-0-patch-bug0388397
8.2-4-0:         meru-8.2-4-0-patch-bug0388397

Acknowledgement

Fortinet is pleased to thank University of Toronto for reporting this 
vulnerability under responsible disclosure.

---

FortiWLC PAM.log authenticated user information exposure

Info

Risk:              4 High
Date:              Sep 30 2016
Impact:            User credential exposure
CVE ID:            CVE-2016-7561
Fixed In Firmware: Patches (see Solutions for details)

The pam.log file generated by FortiWLC contains the credentials of
authenticated users (local admins and users authenticated against external
servers). Users with admin privileges can access the pam.log file and read
those credentials.

Affected Products

FortiWLC 6.1-2-29 and below, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0

Solutions

Depending on your version, apply the following patches:

Below 6.1-2-29:  Update to 7.0-10-0 or above, and apply the corresponding patch.
6.1-2-29:        meru-6.1-2-29-patch-bug0388249
7.0-9-1:         meru-7.0-9-1-patch-bug0388249
7.0-10-0:        meru-7.0-10-0-patch-bug0388249
8.0-5-0:         meru-8.0-5-0-patch-bug0388249
8.1-2-0:         meru-8.1-2-0-patch-bug0388249
8.2-4-0:         meru-8.2-4-0-patch-bug0388249
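An added inventory check, not code from Fortinet or AusCERT, covering the Solutions lists of both advisories (FG-IR-16-029 and FG-IR-16-030): given a controller's build string in the page's "major.minor-build-rev" form (e.g. 7.0-10-0) and one of the two CVEs, it applies the affected-version rules and returns the patch name that applies. The function names, constants and sample hostnames are this example's own assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Builds that have a dedicated patch on the page; both advisories list the same set.
PATCHED_VERSIONS = ("6.1-2-29", "7.0-9-1", "7.0-10-0", "8.0-5-0", "8.1-2-0", "8.2-4-0")
# Fortinet bug ids taken from the patch file names on the page.
BUG_IDS = {"CVE-2016-7560": "bug0388397", "CVE-2016-7561": "bug0388249"}

def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '7.0-10-0' into (7, 0, 10, 0) so builds compare numerically."""
    m = re.fullmatch(r"(\d+)\.(\d+)-(\d+)-(\d+)", v.strip())
    if not m:
        raise ValueError(f"unrecognised FortiWLC version: {v!r}")
    return tuple(int(x) for x in m.groups())

def remediation(version: str, cve: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, action) for one build and one of the two CVEs.
    action is a patch name, an upgrade instruction, or None when the build
    is outside the advisory's stated affected set."""
    bug = BUG_IDS[cve]
    version = version.strip()
    if parse_version(version) < parse_version("6.1-2-29"):
        # "Below 6.1-2-29" has no patch of its own: upgrade first, then patch.
        return True, f"update to 7.0-10-0 or above, then apply that build's meru-*-patch-{bug}"
    if version in PATCHED_VERSIONS:
        return True, f"meru-{version}-patch-{bug}"
    # Not in the list: the advisory names no patch for this build.
    return False, None

def audit(inventory: Dict[str, str], cve: str) -> List[Tuple[str, str, str]]:
    """Run remediation() over {hostname: version} and return rows of
    (hostname, version, action) for affected controllers only."""
    rows = []
    for host, ver in sorted(inventory.items()):
        affected, action = remediation(ver, cve)
        if affected:
            rows.append((host, ver, action))
    return rows

if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hostnames, not real devices).
    sample = {"wlc-a": "7.0-10-0", "wlc-b": "6.0-3-5", "wlc-c": "8.2-4-0", "wlc-d": "8.3-1-0"}
    for row in audit(sample, "CVE-2016-7560"):
        print(*row)
```

Builds not named in the advisory (such as a later release) fall outside its stated affected set and are reported as not affected by these two CVEs only.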

Acknowledgement

Fortinet is pleased to thank University of Toronto for reporting this 
vulnerability under responsible disclosure.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================