PatchSiren cyber security CVE debrief
CVE-2016-8491 Fortinet CVE debrief
CVE-2016-8491 is a critical Fortinet FortiWLC weakness tied to a hardcoded account named "core." According to the NVD record, an attacker can leverage this condition to gain unauthorized read/write access via a remote shell. The issue is network-exploitable, requires no user interaction, and is rated CVSS 9.1 with high confidentiality and integrity impact.
- Vendor: Fortinet
- Product: CVE-2016-8491
- CVSS: CRITICAL 9.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-01
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-01
- Advisory updated: 2026-05-13
Who should care
Administrators and security teams responsible for Fortinet FortiWLC deployments, especially systems matching the affected CPE versions in the NVD record. Because the flaw can be reached remotely without authentication, internet-facing or broadly reachable management environments should treat it as urgent.
Technical summary
The NVD description identifies a hardcoded account named "core" in Fortinet FortiWLC as the root issue. The published CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) indicates a remotely exploitable flaw with no privileges or user interaction required. The NVD vulnerability metadata lists affected FortiWLC versions including 7.0-9-1, 7.0-10-0, 8.1-2-0, 8.1-3-2, and 8.2-4-0. The weakness is categorized as CWE-798 (Use of Hard-coded Credentials).
Defensive priority
Immediate. This is a critical unauthenticated remote access issue with high confidentiality and integrity impact.
Recommended defensive actions
- Identify whether any Fortinet FortiWLC systems match the affected versions listed in the NVD CPE criteria.
- Prioritize isolation or restriction of management access for any exposed FortiWLC instances until remediation is confirmed.
- Apply the vendor guidance in Fortinet advisory FG-IR-16-065 and verify the affected assets are remediated.
- Review logs and configuration for unexpected shell access or evidence of account misuse on FortiWLC systems.
- Treat the hardcoded-credential finding as a broader credential-management risk and review similar administrative account exposure in related network appliances.
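The version check and log review in the list above can be scripted. The Python below is an added example, not code from the NVD record or Fortinet's advisory. It assumes an inventory mapping of hostname to FortiWLC build and authentication events forwarded as OpenSSH-style syslog lines; hostnames, addresses, the unlisted build and all log lines are constructed.

```python
import re
from collections import defaultdict

# Affected builds named on this page (the NVD CPE list may contain more).
AFFECTED_BUILDS = {"7.0-9-1", "7.0-10-0", "8.1-2-0", "8.1-3-2", "8.2-4-0"}
HARDCODED_ACCOUNT = "core"

# Assumption: OpenSSH-style syslog auth lines; adapt to your collector's format.
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"(?P<result>Accepted|Failed)\s\S+\sfor\s(?:invalid user\s)?(?P<user>\S+)\s"
    r"from\s(?P<src>\S+)"
)

def affected_hosts(inventory):
    """Return hostnames whose recorded FortiWLC build is in AFFECTED_BUILDS."""
    return sorted(h for h, build in inventory.items() if build.strip() in AFFECTED_BUILDS)

def core_account_events(lines):
    """Group auth events for the hardcoded account by (controller, source address)."""
    events = defaultdict(lambda: {"Accepted": 0, "Failed": 0, "first_seen": None})
    for line in lines:
        m = AUTH_RE.match(line)
        if not m or m["user"] != HARDCODED_ACCOUNT:
            continue  # unparsed line or a different account
        rec = events[(m["host"], m["src"])]
        rec[m["result"]] += 1
        rec["first_seen"] = rec["first_seen"] or m["ts"]
    return dict(events)

# Constructed sample data; "0.0-0-0" stands in for any build not on the list.
SAMPLE_INVENTORY = {"wlc-hq": "8.2-4-0", "wlc-lab": "0.0-0-0", "wlc-branch": "7.0-10-0"}
SAMPLE_LOG = [
    "Feb  3 02:14:07 wlc-hq sshd[4121]: Failed password for core from 203.0.113.45 port 50122 ssh2",
    "Feb  3 02:14:09 wlc-hq sshd[4121]: Accepted password for core from 203.0.113.45 port 50122 ssh2",
    "Feb  3 08:30:11 wlc-hq sshd[4410]: Accepted password for admin from 192.0.2.10 port 40100 ssh2",
    "Feb  3 09:01:52 wlc-branch sshd[991]: Failed password for invalid user core from 198.51.100.7 port 33210 ssh2",
]

if __name__ == "__main__":
    print("affected:", affected_hosts(SAMPLE_INVENTORY))
    for (host, src), rec in core_account_events(SAMPLE_LOG).items():
        print(host, src, rec)
```

Any accepted session for "core" on an affected build warrants incident handling, since the account is not one an administrator provisioned.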
Evidence notes
This debrief is based on the official NVD CVE record and its metadata, including the CVSS 3.0 vector, CWE-798 classification, affected FortiWLC CPE entries, and vendor-linked references. The description supplied in the record states that the hardcoded "core" account can allow unauthorized read/write access via a remote shell. Vendor and third-party references listed in the record include Fortinet advisory FG-IR-16-065 and SecurityFocus BID 94186.
Official resources
- CVE-2016-8491 CVE record (CVE.org)
- CVE-2016-8491 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: Third Party Advisory, VDB Entry
- Mitigation or vendor reference: Vendor Advisory
CVE published by NVD/CVE on 2017-02-01 and later modified on 2026-05-13. The supplied record cites Fortinet advisory FG-IR-16-065 and SecurityFocus BID 94186 as references.