CVE-2016-4965

Fortinet FortiWan formerly AscernLink before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosiscontrol.php...

CVE-2016-4965

Fortinet FortiWan (AscernLink) before 4.2.5 is vulnerable to OS command injection via the graph parameter to diagnosis_control.php, allowing a remote authenticated user with access to nslookup to run commands as root. The vulnerability affects FortiWan’s web interface; the CVSS base metrics indic...

FortiWAN Multiple Vulnerabilities

FortWan 4.2.4 and below is exposed to cross site scripting, information leak and escalation of privilege vulnerabilities. CVE-2016-4965: Non-administrative authenticated user having access privileges to the nslookup functionality can perform OS command injection in the root user context...

Fortinet FortiWAN load balancer appliance contains multiple vulnerabilities

Overview The Fortinet FortiWAN Ascernlink network load balancer appliance contains multiple vulnerabilities. Description According to the reporter, the Fortinet FortiWAN network load balancer appliance contains the following vulnerabilities.CWE-78: Improper Neutralization of Special Elements used...