5 matches found
Server-side request forgery (SSRF)
The linkreport/tmp/adminglobal page in Fortinet FortiWAN (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request...
CVE-2016-4967
Fortinet FortiWAN (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfgshow.php or (2) PCAP files via script/system/tcpdump.php...
CVE-2016-4965
Fortinet FortiWAN (AscernLink) before 4.2.5 is vulnerable to OS command injection via the graph parameter to diagnosis_control.php, allowing a remote authenticated user with access to nslookup to run commands as root. The vulnerability affects FortiWAN’s web interface; the CVSS base metrics indic...
CVE-2016-4969
CVE-2016-4969 is a Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWAN (formerly AscernLink) before version 4.2.5. The flaw allows remote attackers to inject arbitrary web script or HTML via the IP parameter to /script/statistics/getconn.php. Fortinet’s advisory and release notes for Fo...
CVE-2016-4967
Fortinet FortiWAN (AscernLink) before 4.2.5 is affected by CVE-2016-4967: an authenticated non-admin user can disclose sensitive data by accessing /script/cfg_show.php to grab a device configuration backup or /script/system/tcpdump.php to obtain a PCAP. The issue is confirmed across multiple sour...