CVE-2016-4967

MEDIUM

Fortinet Fortiwan < 4.2.4 - Information Disclosure

Title source: rule

Description

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2) PCAP files via script/system/tcpdump.php.

References (4)

[Release Notes, Third Party Advisory] http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4.2.5-release-notes.pdf

[Third Party Advisory] http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92779

[Third Party Advisory, US Government Resource] https://www.kb.cert.org/vuls/id/724487

Scores

CVSS v3 6.5

EPSS 0.0193

EPSS Percentile 83.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (2)

fortinet/fortiwan < 4.2.4

n/a/n/a

Timeline

Published Sep 21, 2016

Tracked Since Feb 18, 2026