Fortinet: >> Fortiwan >> 4.2.2 Security Vulnerabilities
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2) PCAP files via script/system/tcpdump.php.
CVSS Score
6.5
EPSS Score
0.019
Published
2016-09-21
The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter.
CVSS Score
6.5
EPSS Score
0.023
Published
2016-09-21
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.
CVSS Score
8.8
EPSS Score
0.077
Published
2016-09-21
Page 2