Remote File Download Vulnerability in Fortinet FortiWAN
CVE-2016-4966

6.5 MEDIUM

Key Information:

Vendor: Fortinet
Status
Vendor
CVE Published: 21 September 2016

Summary

Fortinet FortiWAN contains a vulnerability that lets remote authenticated users download sensitive PCAP files through improper handling of the UserName GET parameter on the diagnosis_control.php page. The flaw can expose captured network traffic to users who are not authorized to see it, compromising the confidentiality of users' data. Update FortiWAN to version 4.2.5 or later to mitigate this risk.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
