CVE-2016-4966

6.5MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiwan
Vendor: CVE Published:; 21 September 2016

Summary

The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter.

References

http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4....

x_refsource_CONFIRM

https://www.kb.cert.org/vuls/id/724487

third-party-advisoryx_refsource_CERT-VN

http://fortiguard.com/advisory/fortiwan-multiple-vulnerab...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 21, 2016
Vulnerability Reserved
May 24, 2016