Sign-up

ID

VAR-201609-0039


CVE

CVE-2016-4965


TITLE

Fortinet FortiWAN load balancer appliance contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#724487

DESCRIPTION

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php. The Fortinet FortiWAN (Ascernlink) network load balancer appliance contains multiple vulnerabilities. Fortinet FortiWAN is prone to multiple information-disclosure vulnerabilities, a command-injection vulnerability and a cross-site scripting vulnerability. A remote attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, or execute arbitrary commands, or gain access to sensitive information in the context of the affected device. Fortinet FortiWAN is a WAN link load balancing product developed by Fortinet. A security vulnerability exists in Fortinet FortiWAN 4.2.4 and earlier

Trust: 2.7

sources: NVD: CVE-2016-4965 // CERT/CC: VU#724487 // JVNDB: JVNDB-2016-004868 // BID: 92779 // VULHUB: VHN-93784

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiwanscope:lteversion:4.2.4

Trust: 1.0

vendor:fortinetmodel: - scope: - version: -

Trust: 0.8

vendor:fortinetmodel:fortiwanscope:ltversion:4.2.5

Trust: 0.8

vendor:fortinetmodel:fortiwanscope:eqversion:4.2.4

Trust: 0.6

vendor:fortinetmodel:fortiwanscope:eqversion:0

Trust: 0.3

sources: CERT/CC: VU#724487 // BID: 92779 // JVNDB: JVNDB-2016-004868 // CNNVD: CNNVD-201609-092 // NVD: CVE-2016-4965

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4965
value: HIGH

Trust: 1.0

NVD: CVE-2016-4965
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201609-092
value: CRITICAL

Trust: 0.6

VULHUB: VHN-93784
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-4965
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-93784
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4965
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-93784 // JVNDB: JVNDB-2016-004868 // CNNVD: CNNVD-201609-092 // NVD: CVE-2016-4965

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-93784 // JVNDB: JVNDB-2016-004868 // NVD: CVE-2016-4965

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-092

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201609-092

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-004868

PATCH
title:FortiWAN Multiple Vulnerabilitiesurl:http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities
Trust: 0.8
title:FortiWAN - Release Notesurl:http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4.2.5-release-notes.pdf
Trust: 0.8
title:Fortinet FortiWAN Fixes for command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63915
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-004868 // 
            
            
            
            CNNVD: CNNVD-201609-092

EXTERNAL IDS
db:CERT/CCid:VU#724487
Trust: 3.6
db:NVDid:CVE-2016-4965
Trust: 2.8
db:BIDid:92779
Trust: 2.0
db:JVNid:JVNVU97260486
Trust: 0.8
db:JVNDBid:JVNDB-2016-004868
Trust: 0.8
db:CNNVDid:CNNVD-201609-092
Trust: 0.7
db:VULHUBid:VHN-93784
Trust: 0.1
sources:
            
            
            CERT/CC: VU#724487 // 
            
            
            
            VULHUB: VHN-93784 // 
            
            
            
            BID: 92779 // 
            
            
            
            JVNDB: JVNDB-2016-004868 // 
            
            
            
            CNNVD: CNNVD-201609-092 // 
            
            
            
            NVD: CVE-2016-4965

REFERENCES
url:http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4.2.5-release-notes.pdf
Trust: 3.3
url:https://www.kb.cert.org/vuls/id/724487
Trust: 2.8
url:http://www.securityfocus.com/bid/92779
Trust: 1.7
url:http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities
Trust: 1.7
url:https://www.fortinet.com/products-services/products/wan-appliances/fortiwan.html
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4965
Trust: 0.8
url:https://jvn.jp/vu/jvnvu97260486/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4965
Trust: 0.8
url:http://www.fortinet.com/
Trust: 0.3
sources:
            
            
            CERT/CC: VU#724487 // 
            
            
            
            VULHUB: VHN-93784 // 
            
            
            
            BID: 92779 // 
            
            
            
            JVNDB: JVNDB-2016-004868 // 
            
            
            
            CNNVD: CNNVD-201609-092 // 
            
            
            
            NVD: CVE-2016-4965

CREDITS
Virgoteam (Fan-Syun Shih, Kun-Xian Lin, Yu-Chi, and Ding)
Trust: 0.9
sources:
            
            
            BID: 92779 // 
            
            
            
            CNNVD: CNNVD-201609-092

SOURCES
db:CERT/CCid:VU#724487
db:VULHUBid:VHN-93784
db:BIDid:92779
db:JVNDBid:JVNDB-2016-004868
db:CNNVDid:CNNVD-201609-092
db:NVDid:CVE-2016-4965

LAST UPDATE DATE
2025-04-13T23:17:52.755000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#724487date:2016-09-09T00:00:00
db:VULHUBid:VHN-93784date:2016-09-21T00:00:00
db:BIDid:92779date:2016-09-06T00:00:00
db:JVNDBid:JVNDB-2016-004868date:2016-09-27T00:00:00
db:CNNVDid:CNNVD-201609-092date:2016-09-22T00:00:00
db:NVDid:CVE-2016-4965date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CERT/CCid:VU#724487date:2016-09-06T00:00:00
db:VULHUBid:VHN-93784date:2016-09-21T00:00:00
db:BIDid:92779date:2016-09-06T00:00:00
db:JVNDBid:JVNDB-2016-004868date:2016-09-27T00:00:00
db:CNNVDid:CNNVD-201609-092date:2016-09-07T00:00:00
db:NVDid:CVE-2016-4965date:2016-09-21T14:25:06.673