-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.2303
     Multiple vulnerabilities have been identified in Fortinet FortiWLC
                               3 October 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Fortinet FortiWLC
Publisher:         Fortiguard
Operating System:  Network Appliance
Impact/Access:     Access Privileged Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-7561 CVE-2016-7560

Original Bulletin:
   http://fortiguard.com/advisory/FG-IR-16-029
   http://fortiguard.com/advisory/FG-IR-16-030

Comment: This bulletin contains two (2) Fortiguard security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

FortiWLC Undocumented Hardcoded Rsync Account

Info
Risk       5 Critical
Date       Sep 30 2016
Impact     Unauthorized read/write remote access
CVE ID     CVE-2016-7560
Fixed In   Firmware Patches (details see solutions)

FortiWLC runs an rsyncd server, historically used for High-Availability
purposes. This server comes with a hardcoded account, which has read/write
privileges over various parts of the system.

Impact
Unauthorized read/write remote access

Affected Products
FortiWLC 6.1-2-29 and below, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0

Risk
5 Critical

Solutions
Depending on your version, apply the following patches:

Below 6.1-2-29:  Update to 7.0-10-0 or above, and apply the corresponding patch.
6.1-2-29:        meru-6.1-2-29-patch-bug0388397
7.0-9-1:         meru-7.0-9-1-patch-bug0388397
7.0-10-0:        meru-7.0-10-0-patch-bug0388397
8.0-5-0:         meru-8.0-5-0-patch-bug0388397
8.1-2-0:         meru-8.1-2-0-patch-bug0388397
8.2-4-0:         meru-8.2-4-0-patch-bug0388397

Acknowledgement
Fortinet is pleased to thank University of Toronto for reporting this
vulnerability under responsible disclosure.
- ---

FortiWLC PAM.log authenticated user information exposure

Info
Risk       4 High
Date       Sep 30 2016
Impact     User credential exposure
CVE ID     CVE-2016-7561
Fixed In   Firmware Patches (details see solutions)

The pam.log file generated by FortiWLC contains authenticated users'
credentials (local admin and users authenticated against external servers).
Users with admin privileges can access the pam.log file and read the
credentials.

Impact
User credential exposure

Affected Products
FortiWLC 6.1-2-29 and below, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0

Risk
4 High

Solutions
Depending on your version, apply the following patches:

Below 6.1-2-29:  Update to 7.0-10-0 or above, and apply the corresponding patch.
6.1-2-29:        meru-6.1-2-29-patch-bug0388249
7.0-9-1:         meru-7.0-9-1-patch-bug0388249
7.0-10-0:        meru-7.0-10-0-patch-bug0388249
8.0-5-0:         meru-8.0-5-0-patch-bug0388249
8.1-2-0:         meru-8.1-2-0-patch-bug0388249
8.2-4-0:         meru-8.2-4-0-patch-bug0388249

Acknowledgement
Fortinet is pleased to thank University of Toronto for reporting this
vulnerability under responsible disclosure.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures.
AusCERT takes no responsibility for consequences which may arise from
following or acting on information or advice contained in this security
bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
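The two advisories above share one affected-version list and one remediation rule (patch the exact build, or upgrade anything older than 6.1-2-29 to 7.0-10-0 and patch that); only the bug id in the patch file name differs. The following triage helper is an added example, not part of the AusCERT or Fortiguard text: it parses FortiWLC build strings of the form major.minor-build-patch and maps each controller in a constructed inventory to the action the advisories prescribe. The inventory host names and the `triage` helper are assumptions for illustration.

```python
import re
from typing import Dict, List, Optional, Tuple

# Bug ids embedded in the patch file names, taken from the two advisories above.
ADVISORIES: Dict[str, str] = {
    "CVE-2016-7560": "bug0388397",  # undocumented hardcoded rsync account
    "CVE-2016-7561": "bug0388249",  # credentials written to pam.log
}
# Exact builds for which a dedicated patch exists (identical list in both advisories).
PATCHED_BUILDS = ("6.1-2-29", "7.0-9-1", "7.0-10-0", "8.0-5-0", "8.1-2-0", "8.2-4-0")
OLDEST_PATCHED = "6.1-2-29"   # "6.1-2-29 and below" is affected
UPGRADE_TARGET = "7.0-10-0"   # builds below 6.1-2-29 must upgrade first


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '6.1-2-29' into (6, 1, 2, 29) so builds compare numerically, not lexically."""
    m = re.fullmatch(r"(\d+)\.(\d+)-(\d+)-(\d+)", v.strip())
    if not m:
        raise ValueError(f"unrecognised FortiWLC version string: {v!r}")
    return tuple(int(x) for x in m.groups())


def remediation(version: str, cve: str) -> Optional[str]:
    """Return the action the advisory prescribes for this build, or None if the build is not listed."""
    bug = ADVISORIES[cve]
    if version in PATCHED_BUILDS:
        return f"apply meru-{version}-patch-{bug}"
    if parse_version(version) < parse_version(OLDEST_PATCHED):
        return (f"upgrade to {UPGRADE_TARGET} or above, then apply the matching patch "
                f"(e.g. meru-{UPGRADE_TARGET}-patch-{bug})")
    # Not in the advisory's affected list: confirm against the vendor bulletin rather than assume safe.
    return None


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str, str, str]]:
    """Expand an {hostname: version} inventory into (host, version, cve, action) rows needing work."""
    rows = []
    for host, version in sorted(inventory.items()):
        for cve in ADVISORIES:
            action = remediation(version, cve)
            if action is not None:
                rows.append((host, version, cve, action))
    return rows


# Constructed sample inventory (hypothetical host names) covering each branch of the rule.
SAMPLE_INVENTORY = {"wlc-campus-1": "8.2-4-0", "wlc-lab": "6.0-3-12", "wlc-new": "8.3-0-0"}

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(" | ".join(row))
```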