CVE-2016-4573

FortiSwitch rest_admin account exposed under certain conditions | The Missing Link

Discovered by Emma Ferguson on behalf of The Missing Link Security

Vulnerability Details

FortiSwitch 3.4.1 introduced a user account named "rest_admin" with super_admin privileges when the FortiSwitch is configured to be managed by a FortiGate device.

The FortiSwitch needs to communicate with the FortiGate to generate a random password for the "rest_admin" account.

However, if the network connection between the FortiSwitch and the FortiGate cannot be established when the switch is rebooted twice, or if the switch is downgraded to a FortiSwitch release prior to 3.4.1, the "rest_admin" account is left with a null (empty) password while retaining its super_admin privileges.

Affected Versions

FortiSwitch firmware 3.4.1 on the affected models listed below

Affected FortiSwitch models that have been upgraded to 3.4.1 and later downgraded to an earlier version (tested on 3.3.0, 3.3.1, 3.3.2 and 3.3.3)

Affected FortiSwitch models list:

FSW-108D-POE,FSW-124D,FSW-124D-POE

FSW-224D-POE,FSW-224D-FPOE,FSW-248D-POE,FSW-248D-FPOE

FSW-424D,FSW-424D-POE,FSW-424D-FPOE,FSW-448D,FSW-448D-POE,FSW-448D-FPOE

FSW-524D,FSW-524D-FPOE,FSW-548D,FSW-548D-FPOE

FSW-1024D,FSW-1048D

FSW-3032D

FSW-R-112D-POE

Other FortiSwitch models are not affected.
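The two exposure conditions above (an affected model on 3.4.1 whose FortiGate link may have been down, or an affected model downgraded below 3.4.1 that still carries "rest_admin") can be screened for offline from configuration backups. The following is an added example written for this page, not code from the advisory or from Fortinet. It assumes the backup uses Fortinet's usual "config / edit / set / next / end" syntax and that its first line carries the model and firmware version as "#config-version=<MODEL>-<VERSION>-FW-build<N>"; the sample backup is constructed for the illustration.

```python
"""Screen a FortiSwitch config backup for the rest_admin exposure (CVE-2016-4573).

Added example, not code from the advisory or from Fortinet. The header format
and the layout of the 'config system admin' block are assumptions for this
illustration.
"""
import re
from typing import Dict, List, Tuple

# Models the advisory lists as affected.
AFFECTED_MODELS = {
    "FSW-108D-POE", "FSW-124D", "FSW-124D-POE",
    "FSW-224D-POE", "FSW-224D-FPOE", "FSW-248D-POE", "FSW-248D-FPOE",
    "FSW-424D", "FSW-424D-POE", "FSW-424D-FPOE",
    "FSW-448D", "FSW-448D-POE", "FSW-448D-FPOE",
    "FSW-524D", "FSW-524D-FPOE", "FSW-548D", "FSW-548D-FPOE",
    "FSW-1024D", "FSW-1048D", "FSW-3032D", "FSW-R-112D-POE",
}

INTRODUCING_VERSION = (3, 4, 1)  # release that added the rest_admin account

# Constructed sample backup: an affected model downgraded to 3.3.2 that still
# carries the rest_admin account (assumed header and block layout).
SAMPLE_CONFIG = """\
#config-version=FSW-124D-3.3.2-FW-build0012
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "rest_admin"
        set accprofile "super_admin"
        set trusthost1 0.0.0.0 0.0.0.0
    next
end
config system interface
    edit "mgmt"
        set ip 192.0.2.10 255.255.255.0
    next
end
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """'3.4.1' -> (3, 4, 1); tuples compare numerically, unlike strings."""
    return tuple(int(part) for part in text.split("."))


def header_model_and_version(config: str) -> Tuple[str, str]:
    """Pull model and firmware version from the assumed #config-version header."""
    m = re.match(r"#config-version=(FSW-[A-Z0-9-]+?)-(\d+\.\d+\.\d+)-", config)
    if not m:
        raise ValueError("unrecognised config header")
    return m.group(1), m.group(2)


def parse_admins(config: str) -> Dict[str, Dict[str, str]]:
    """Return {admin_name: {setting: value}} from the 'config system admin' block."""
    admins: Dict[str, Dict[str, str]] = {}
    in_block, current = False, None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "config system admin":
            in_block = True
        elif not in_block:
            continue
        elif line == "end":
            break
        elif line.startswith('edit "'):
            current = line[6:-1]          # name between the quotes
            admins[current] = {}
        elif line == "next":
            current = None
        elif line.startswith("set ") and current is not None:
            key, _, value = line[4:].partition(" ")
            admins[current][key] = value.strip('"')
    return admins


def assess(config: str) -> List[str]:
    """Flag the two exposure conditions the advisory describes."""
    model, version = header_model_and_version(config)
    if model not in AFFECTED_MODELS:
        return []
    admins = parse_admins(config)
    if "rest_admin" not in admins:
        return []
    v = parse_version(version)
    findings: List[str] = []
    if v < INTRODUCING_VERSION:
        findings.append(
            f"{model} runs {version} (pre-3.4.1) yet has a rest_admin account: "
            "consistent with a downgrade from 3.4.1; verify the account does not "
            "have a null password.")
    elif v == INTRODUCING_VERSION:
        profile = admins["rest_admin"].get("accprofile", "?")
        findings.append(
            f"{model} runs 3.4.1 with rest_admin ({profile} profile): confirm the "
            "FortiGate link was up when the password was generated, especially "
            "after repeated reboots.")
    return findings


if __name__ == "__main__":
    for finding in assess(SAMPLE_CONFIG):
        print(finding)
```

The version comparison deliberately works on integer tuples: comparing "3.10.0" with "3.4.1" as strings would sort the wrong way. Releases after 3.4.1 are not flagged because the advisory lists only 3.4.1 and the downgrade case as affected; a config backup cannot show whether the stored password is actually empty, so a hit here is a prompt to check the account on the device, not proof of exposure.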
