PSIRT Advisory

FortiWLC Undocumented Hardcoded core Account

Summary

FortiWLC ships with an undocumented hardcoded account named 'core', which Meru Access Points use to send core dumps to the FortiWLC; this account has read/write privileges over various parts of the system.

Impact

Unauthorized read/write remote access

Affected Products

FortiWLC 7.0-9-1, 7.0-10-0, 8.1-2-0, 8.1-3-2 and 8.2-4-0

Solutions

Depending on your version, apply the corresponding patch:

7.0-9-1:  meru-7.0-9-1-patch-bug0393292
7.0-10-0: meru-7.0-10-0-patch-bug0393292
8.1-2-0:  meru-8.1-2-0-patch-bug0393292
8.1-3-2:  meru-8.1-2-0-patch-bug0393292
8.2-4-0:  meru-8.2-4-0-patch-bug0393292

Acknowledgement

Fortinet is pleased to thank University of Toronto for reporting this vulnerability under responsible disclosure.