Discovered by Emma Ferguson on behalf of The Missing Link Security
FortiSwitch 3.4.1 introduced a user account named "rest_admin" with super_admin privileges, created when the FortiSwitch is configured to be managed by a FortiGate device.
The FortiSwitch must communicate with the FortiGate in order to generate a random password for the "rest_admin" account.
However, if the network connection between the FortiSwitch and the FortiGate cannot be established when the switch is rebooted twice, or when it is
downgraded to a FortiSwitch release prior to 3.4.1, the rest_admin account is left exposed with a null (empty) password.
FortiOS 3.4.1 on affected FortiSwitch models
Affected FortiSwitch models that have been upgraded to 3.4.1 and later downgraded to an earlier version (tested on 3.3.0, 3.3.1, 3.3.2, 3.3.3)
Affected FortiSwitch models list:
FSW-108D-POE, FSW-124D, FSW-124D-POE
FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE
FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE
FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE
FSW-1024D, FSW-1048D
FSW-3032D
FSW-R-112D-POE
Other FortiSwitch models are not affected.
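As an added example (not part of the advisory or of Fortinet's tooling), the following helper turns the conditions above into an inventory triage: a switch is flagged for a rest_admin password check when its model is in the affected list and it either runs 3.4.1 now or has run 3.4.1 and been downgraded below it. The model names and the 3.4.1 threshold come from the advisory; the inventory records and the `version_history` field are constructed assumptions.

```python
# Added example: triage a FortiSwitch inventory against the advisory conditions.
# Model list and introducing version are taken from the advisory text;
# the inventory format (model + ordered firmware history) is an assumption.

AFFECTED_MODELS = {
    "FSW-108D-POE", "FSW-124D", "FSW-124D-POE",
    "FSW-224D-POE", "FSW-224D-FPOE", "FSW-248D-POE", "FSW-248D-FPOE",
    "FSW-424D", "FSW-424D-POE", "FSW-424D-FPOE",
    "FSW-448D", "FSW-448D-POE", "FSW-448D-FPOE",
    "FSW-524D", "FSW-524D-FPOE", "FSW-548D", "FSW-548D-FPOE",
    "FSW-1024D", "FSW-1048D",
    "FSW-3032D",
    "FSW-R-112D-POE",
}

# Release that introduced the rest_admin account.
INTRODUCING_VERSION = (3, 4, 1)


def parse_version(v: str) -> tuple:
    """Turn '3.4.1' into (3, 4, 1) so comparisons are numeric, not lexical."""
    return tuple(int(p) for p in v.strip().split("."))


def exposure_risk(model: str, version_history: list) -> str:
    """Classify one switch.

    version_history: firmware versions the unit has run, oldest first;
    the last entry is the version it runs now.
    Returns "check-rest_admin" when the advisory conditions can apply,
    otherwise "not-affected".
    """
    if model not in AFFECTED_MODELS or not version_history:
        return "not-affected"
    history = [parse_version(v) for v in version_history]
    current = history[-1]
    # Running 3.4.1: exposed if the FortiGate link failed across two reboots.
    if current == INTRODUCING_VERSION:
        return "check-rest_admin"
    # Ran 3.4.1 earlier and now sits below it: downgrade can leave a null password.
    if INTRODUCING_VERSION in history[:-1] and current < INTRODUCING_VERSION:
        return "check-rest_admin"
    return "not-affected"


def triage(inventory: list) -> list:
    """Return the names of switches that need a manual rest_admin check."""
    return [name for name, model, hist in inventory
            if exposure_risk(model, hist) == "check-rest_admin"]
```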