Vulnerabilities > Fortinet > Fortiwan
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-21 | CVE-2016-4968 | Information Exposure vulnerability in Fortinet Fortiwan The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request. | 6.5 |
| 2016-09-21 | CVE-2016-4967 | Information Exposure vulnerability in Fortinet Fortiwan Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2) PCAP files via script/system/tcpdump.php. | 6.5 |
| 2016-09-21 | CVE-2016-4966 | Improper Authentication vulnerability in Fortinet Fortiwan The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter. | 6.5 |
| 2016-09-21 | CVE-2016-4965 | OS Command Injection vulnerability in Fortinet Fortiwan Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php. | 8.8 |