6.5

CVE-2016-4968

The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FortinetFortiwan Version <= 4.2.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.68% 0.839
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4.2.5-release-notes.pdf
Third Party Advisory
Release Notes
http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities
Third Party Advisory
http://www.securityfocus.com/bid/92779
Third Party Advisory
VDB Entry
https://www.kb.cert.org/vuls/id/724487
Third Party Advisory
US Government Resource