CVE-2016-4968

MEDIUM

FortiWan < 4.2.5 - Authenticated Administrator Cookie Exposure via linkreport/tmp/admin_global

Title source: llm

Description

The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request.

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/92779

Release Notes, Third Party Advisory x_refsource_confirm

http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4.2.5-release-notes.pdf

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

https://www.kb.cert.org/vuls/id/724487

Third Party Advisory x_refsource_confirm

http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities

Scores

CVSS v3 6.5

EPSS 0.0349

EPSS Percentile 87.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (1)

fortinet/fortiwan < 4.2.4

Published Sep 21, 2016

Tracked Since Feb 18, 2026