CVE-2017-7336 WLM hardcoded account named upgrade Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-17-115 Final 1 1 2017-06-30T00:00:00 Current version 2017-06-30T00:00:00 2017-06-30T00:00:00 FortiWLM has a hard-coded password for its "upgrade" user account, which it uses to transfer files to and from the FortiWLC controller. Having the upgrade account credentials would allow an attacker to transfer files to any attached or previously attached controllers as an admin user, thus raising potential further security issues. Improper access control FortiWLM version 8.3.0 and lower. Upgrade to FortiWLM version 8.3.1 Fortinet is pleased to thank Adam Piekarzewski, University of Toronto for reporting this vulnerability under responsible disclosure. CVE-2017-7336 0 https://fortiguard.fortinet.com/psirt/FG-IR-17-115 CVE-2017-7336 WLM hardcoded account named upgrade Reference>