CVE-2016-4965

8.8HIGH

Key Information:

Vendor: Fortinet
Status: Fortiwan
Vendor: CVE Published:; 21 September 2016

Summary

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.

References

http://www.securityfocus.com/bid/92779

vdb-entryx_refsource_BID

http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4....

x_refsource_CONFIRM

https://www.kb.cert.org/vuls/id/724487

third-party-advisoryx_refsource_CERT-VN

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 21, 2016
Vulnerability Reserved
May 24, 2016