CVE-2016-4966

MEDIUM

Fortinet Fortiwan < 4.2.4 - Authentication Bypass

Title source: rule

Description

The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter.

References (4)

[Release Notes, Third Party Advisory] http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4.2.5-release-notes.pdf

[Third Party Advisory] http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92781

[Third Party Advisory, US Government Resource] https://www.kb.cert.org/vuls/id/724487

Scores

CVSS v3 6.5

EPSS 0.0228

EPSS Percentile 84.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-287

Status draft

Affected Products (1)

fortinet/fortiwan < 4.2.4

Timeline

Published Sep 21, 2016

Tracked Since Feb 18, 2026