Skip to main content

Fortiwan

7 CVEs product

Monthly

CVE-2023-44252 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiwan
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-44251 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Path Traversal Fortiwan
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2016-4969 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Fortinet Fortiwan
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2016-4968 MEDIUM This Month

The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortiwan
NVD
CVSS 3.0
6.5
EPSS
3.5%
CVE-2016-4967 MEDIUM This Month

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Fortinet Fortiwan
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2016-4966 MEDIUM This Month

The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet PHP Authentication Bypass Fortiwan
NVD
CVSS 3.0
6.5
EPSS
2.3%
CVE-2016-4965 HIGH This Week

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP Fortinet Fortiwan
NVD
CVSS 3.0
8.8
EPSS
7.7%
EPSS 1% CVSS 8.8
HIGH This Week

** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiwan
NVD
EPSS 1% CVSS 8.8
HIGH This Week

** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Path Traversal Fortiwan
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Fortinet +1
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortiwan
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Fortinet +1
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet PHP Authentication Bypass +1
NVD
EPSS 8% CVSS 8.8
HIGH This Week

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP Fortinet +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy