Fortinet: >> Fortiwlc >> 7.0-10-0 Security Vulnerabilities
An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-06-22
The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-05-08
The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-05-08
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.
CVSS Score
9.1
EPSS Score
0.003
Published
2017-02-01
Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file.
CVSS Score
7.2
EPSS Score
0.003
Published
2016-10-05
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.026
Published
2016-10-05