CVE-2016-7560

critical

Published 2016-10-05 · Modified 2026-05-06

CVSS v3

9.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

10.0

VIR risk

9.8

Description

The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors.

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://fortiguard.com/advisory/FG-IR-16-029

Application impact

Vendor	Product	Versions
fortinet	fortiwlc	`{"endIncluding":"6.1-2-29"}`
fortinet	fortiwlc	`7.0-9-1`
fortinet	fortiwlc	`7.0-10-0`
fortinet	fortiwlc	`8.0-5-0`
fortinet	fortiwlc	`8.1-2-0`
fortinet	fortiwlc	`8.2-4-0`

References

http://fortiguard.com/advisory/FG-IR-16-029
http://www.securityfocus.com/bid/93286
http://fortiguard.com/advisory/FG-IR-16-029
http://www.securityfocus.com/bid/93286

CWEs

CWE-798

Verify integrity in audit chain (admin only). AS-IS.