6.5

CVE-2016-4966

The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FortinetFortiwan Version <= 4.2.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.2% 0.802
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:P/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4.2.5-release-notes.pdf
Third Party Advisory
Release Notes
http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities
Third Party Advisory
https://www.kb.cert.org/vuls/id/724487
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/92781
Third Party Advisory
VDB Entry