Lucene search

[email protected]CVE-2016-4968

HistorySep 21, 2016 - 2:25 p.m.

CVE-2016-4968

2016-09-2114:25:10

CWE-200

[email protected]

web.nvd.nist.gov

fortinet

fortiwan

cve-2016-4968

security vulnerability

admin cookies

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.5%

JSON

The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request.

Affected configurations

NVD

Node

fortinetfortiwanRange≤4.2.4

CPENameOperatorVersion
fortinet:fortiwanfortinet fortiwanle4.2.4

CPE	Name	Operator	Version
fortinet:fortiwan	fortinet fortiwan	le	4.2.4

References

docs.fortinet.com/uploaded/files/3236/fortiwan-v4.2.5-release-notes.pdf

fortiguard.com/advisory/fortiwan-multiple-vulnerabilities

www.securityfocus.com/bid/92779

www.kb.cert.org/vuls/id/724487

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.5%

JSON

Related for CVE-2016-4968

prion1 nvd1 cvelist1 cert1 fortinet1