CVE-2016-4966

EUVD-2016-5940
The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
fortinetfortiwan
𝑥
≤ 4.2.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4.2.5-release-notes.pdf
http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities
http://www.securityfocus.com/bid/92781
https://www.kb.cert.org/vuls/id/724487
http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4.2.5-release-notes.pdf
http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities
http://www.securityfocus.com/bid/92781
https://www.kb.cert.org/vuls/id/724487