CVE-2021-32593
- EPSS 0.17%
- Published 06.04.2022 10:15:07
- Last modified 21.11.2024 06:07:20
A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel Protocol of FortiWAN before 4.5.9 may allow an unauthenticated remote attacker to decrypt and forge protocol communication messages.
CVE-2016-4969
- EPSS 0.72%
- Published 21.09.2016 14:25:11
- Last modified 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statistics/getconn.php.
CVE-2016-4968
- EPSS 3.49%
- Published 21.09.2016 14:25:10
- Last modified 12.04.2025 10:46:40
The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request.
CVE-2016-4967
- EPSS 1.93%
- Published 21.09.2016 14:25:09
- Last modified 12.04.2025 10:46:40
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2) PCAP files via script/system/tcpdump.php.
CVE-2016-4966
- EPSS 2.28%
- Published 21.09.2016 14:25:07
- Last modified 12.04.2025 10:46:40
The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter.
- EPSS 7.7%
- Published 21.09.2016 14:25:06
- Last modified 12.04.2025 10:46:40
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.