Fortiwan Security Vulnerabilities and Issues — Fortiwan CVE List

Lucene search

FortinetFortiwan

5 matches found

CVE•added 2016/09/21 2:25 p.m.•39 views

CVE-2016-4967

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2) PCAP files via script/system/tcpdump.php.

6.5CVSS6.9AI score0.01933EPSS

CVE•added 2016/09/21 2:25 p.m.•37 views

CVE-2016-4965

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.

9CVSS8.8AI score0.07695EPSS

CVE•added 2016/09/21 2:25 p.m.•34 views

CVE-2016-4968

The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request.

6.5CVSS7AI score0.03494EPSS

CVE•added 2016/09/21 2:25 p.m.•30 views

CVE-2016-4966

The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter.

6.5CVSS6.9AI score0.02279EPSS

CVE•added 2016/09/21 2:25 p.m.•30 views

CVE-2016-4969

Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statistics/getconn.php.

6.1CVSS6.6AI score0.00719EPSS