Lucene search

K
fortinetFortiGuard LabsFG-IR-17-115
HistoryJun 30, 2017 - 12:00 a.m.

FortiWLM upgrade user account hard-coded credentials

2017-06-3000:00:00
FortiGuard Labs
www.fortiguard.com
13
fortiwlm
user account
hardcoded credentials
file transfer
security issues

EPSS

0.004

Percentile

72.9%

FortiWLM has a hard-coded password for its β€œupgrade” user account, which it uses to transfer files to and from the FortiWLC controller. Having the upgrade account credentials would allow an attacker to transfer files to any attached or previously attached controllers as an admin user, thus raising potential further security issues.

EPSS

0.004

Percentile

72.9%

Related for FG-IR-17-115