CVE-2016-4968

6.5MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiwan
Vendor: CVE Published:; 21 September 2016

Summary

The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request.

References

http://www.securityfocus.com/bid/92779

vdb-entryx_refsource_BID

http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4....

x_refsource_CONFIRM

https://www.kb.cert.org/vuls/id/724487

third-party-advisoryx_refsource_CERT-VN

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 21, 2016
Vulnerability Reserved
May 24, 2016