CRITICAL 9.8 Published on 2017-07-22

CVE-2017-7336

A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges.

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS 0.9% percentile 76.4%

Affected tracked apps

FortiWLM App

com.fortinet.fortiwlm

1 open

Vulnerable CPE configurations

Vendor	Product	Platform	Versions	CPE 2.3 URI
fortinet	fortiwlm	iOS	≤8.3.0	cpe:2.3:a:fortinet:fortiwlm::::::::

View on NVD ↗