ID

VAR-201609-0040


CVE

CVE-2016-4966


TITLE

Fortinet FortiWAN load balancer appliance contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#724487

DESCRIPTION

The diagnosis_control.php page in Fortinet FortiWAN (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter. The Fortinet FortiWAN (AscernLink) network load balancer appliance contains multiple vulnerabilities. Fortinet FortiWAN is prone to an authentication bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and obtain sensitive information. This may lead to further attacks. Versions prior to FortiWAN 4.2.5 are vulnerable. Fortinet FortiWAN is a WAN link load balancing product developed by Fortinet. A security vulnerability exists in the diagnosis_control.php page in Fortinet FortiWAN 4.2.4 and earlier.

Trust: 2.7

sources: NVD: CVE-2016-4966 // CERT/CC: VU#724487 // JVNDB: JVNDB-2016-004869 // BID: 92781 // VULHUB: VHN-93785

AFFECTED PRODUCTS

vendor: fortinet | model: fortiwan | scope: lte | version: 4.2.4

Trust: 1.0

vendor: fortinet | model: - | scope: - | version: -

Trust: 0.8

vendor: fortinet | model: fortiwan | scope: lt | version: 4.2.5

Trust: 0.8

vendor: fortinet | model: fortiwan | scope: eq | version: 4.2.4

Trust: 0.6

vendor: fortinet | model: fortiwan | scope: eq | version: 4.2

Trust: 0.3

vendor: fortinet | model: fortiwan | scope: eq | version: 4.1

Trust: 0.3

vendor: fortinet | model: fortiwan | scope: eq | version: 4.0

Trust: 0.3

vendor: fortinet | model: fortiwan | scope: ne | version: 4.2.5

Trust: 0.3

sources: CERT/CC: VU#724487 // BID: 92781 // JVNDB: JVNDB-2016-004869 // CNNVD: CNNVD-201609-093 // NVD: CVE-2016-4966

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-4966
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-4966
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201609-093
value: MEDIUM

Trust: 0.6

VULHUB: VHN-93785
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-4966
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-93785
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-4966
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-93785 // JVNDB: JVNDB-2016-004869 // CNNVD: CNNVD-201609-093 // NVD: CVE-2016-4966

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-93785 // JVNDB: JVNDB-2016-004869 // NVD: CVE-2016-4966

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-093

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201609-093

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004869

PATCH

title: FortiWAN Multiple Vulnerabilities | url: http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities

Trust: 0.8

title: FortiWAN - Release Notes | url: http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4.2.5-release-notes.pdf

Trust: 0.8

title: Fortinet FortiWAN Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63916

Trust: 0.6

sources: JVNDB: JVNDB-2016-004869 // CNNVD: CNNVD-201609-093

EXTERNAL IDS

db: CERT/CC | id: VU#724487

Trust: 3.6

db: NVD | id: CVE-2016-4966

Trust: 2.8

db: BID | id: 92781

Trust: 2.0

db: JVN | id: JVNVU97260486

Trust: 0.8

db: JVNDB | id: JVNDB-2016-004869

Trust: 0.8

db: CNNVD | id: CNNVD-201609-093

Trust: 0.7

db: VULHUB | id: VHN-93785

Trust: 0.1

sources: CERT/CC: VU#724487 // VULHUB: VHN-93785 // BID: 92781 // JVNDB: JVNDB-2016-004869 // CNNVD: CNNVD-201609-093 // NVD: CVE-2016-4966

REFERENCES

url:http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4.2.5-release-notes.pdf

Trust: 3.6

url:https://www.kb.cert.org/vuls/id/724487

Trust: 2.8

url:http://www.securityfocus.com/bid/92781

Trust: 1.7

url:http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities

Trust: 1.7

url:https://www.fortinet.com/products-services/products/wan-appliances/fortiwan.html

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4966

Trust: 0.8

url:https://jvn.jp/vu/jvnvu97260486/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4966

Trust: 0.8

url:http://www.fortinet.com/

Trust: 0.3

sources: CERT/CC: VU#724487 // VULHUB: VHN-93785 // BID: 92781 // JVNDB: JVNDB-2016-004869 // CNNVD: CNNVD-201609-093 // NVD: CVE-2016-4966

CREDITS

Virgoteam (Fan-Syun Shih, Kun-Xian Lin, Yu-Chi, and Ding)

Trust: 0.9

sources: BID: 92781 // CNNVD: CNNVD-201609-093

SOURCES

db: CERT/CC | id: VU#724487
db: VULHUB | id: VHN-93785
db: BID | id: 92781
db: JVNDB | id: JVNDB-2016-004869
db: CNNVD | id: CNNVD-201609-093
db: NVD | id: CVE-2016-4966

LAST UPDATE DATE

2025-04-13T23:17:52.721000+00:00


SOURCES UPDATE DATE

db: CERT/CC | id: VU#724487 | date: 2016-09-09T00:00:00
db: VULHUB | id: VHN-93785 | date: 2016-09-21T00:00:00
db: BID | id: 92781 | date: 2016-09-06T00:00:00
db: JVNDB | id: JVNDB-2016-004869 | date: 2016-09-27T00:00:00
db: CNNVD | id: CNNVD-201609-093 | date: 2016-09-22T00:00:00
db: NVD | id: CVE-2016-4966 | date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CERT/CC | id: VU#724487 | date: 2016-09-06T00:00:00
db: VULHUB | id: VHN-93785 | date: 2016-09-21T00:00:00
db: BID | id: 92781 | date: 2016-09-06T00:00:00
db: JVNDB | id: JVNDB-2016-004869 | date: 2016-09-27T00:00:00
db: CNNVD | id: CNNVD-201609-093 | date: 2016-09-07T00:00:00
db: NVD | id: CVE-2016-4966 | date: 2016-09-21T14:25:07.720