FortiWAN Multiple Vulnerabilities
Summary
FortiWAN 4.2.4 and below is exposed to cross-site scripting, information leak and escalation of privilege vulnerabilities.
CVE-2016-4965: Non-administrative authenticated user having access privileges to the nslookup functionality can perform OS command injection in the root user context
CVE-2016-4966: Non-administrative authenticated user having access privileges to change the HTTP GET parameter "UserName" to "Administrator" may access PCAP files
CVE-2016-4967: Non-administrative authenticated user may access configuration information and/or PCAP files via specific URLs
CVE-2016-4968: Non-administrative authenticated user may obtain administrator cookie via specific GET requests
CVE-2016-4969: Persistent XSS
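As an added illustration of the two patterns behind CVE-2016-4965 and CVE-2016-4966 (example code written for this page, not FortiWAN's own code): the vulnerable shell-concatenation shape next to a hardened nslookup handler that validates the hostname and never invokes a shell, and a PCAP lookup that takes the user identity from the server-side session instead of the client-supplied "UserName" parameter. The hostname grammar, the function names and the Session type are assumptions, not details from the advisory.

```python
import re
import subprocess
from dataclasses import dataclass
from typing import List, Optional

# Assumed hostname grammar (RFC 1123 style labels); the product's real rules are not in the advisory.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"^(?:{_LABEL}\.)*{_LABEL}\.?$")


def vulnerable_nslookup_command(user_input: str) -> str:
    """'Before' shape: user input concatenated into a command line that a shell parses.
    Any shell metacharacter in user_input becomes part of the command, and if the
    web process runs as root the injected command runs as root too."""
    return "nslookup " + user_input  # would be handed to subprocess with shell=True


def nslookup_argv(user_input: str) -> List[str]:
    """Hardened: reject anything that is not a syntactically valid hostname, then build an
    argv list so no shell ever interprets the value. Raises ValueError on rejection."""
    if len(user_input) > 253 or not _HOSTNAME_RE.match(user_input):
        raise ValueError("not a valid hostname")
    return ["nslookup", user_input]  # regex forbids a leading '-', so no option smuggling


def run_nslookup(user_input: str, timeout: float = 5.0) -> str:
    """Execute the validated argv without a shell; the helper should additionally run as an
    unprivileged account, which is a deployment setting rather than something shown here."""
    proc = subprocess.run(nslookup_argv(user_input), capture_output=True, text=True,
                          timeout=timeout, check=False)
    return proc.stdout


@dataclass(frozen=True)
class Session:
    """Server-side session record (assumed shape)."""
    username: str
    is_admin: bool


def pcap_owner_for_request(session: Session, requested_username: Optional[str]) -> str:
    """Hardened access decision: authorization is derived from the session, never from a
    'UserName' request parameter. A non-admin only ever reaches their own capture files;
    only an administrator may name another user's files."""
    if session.is_admin and requested_username:
        return requested_username
    return session.username
```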
Affected Products
FortiWAN 4.2.4 and below
Solutions
Upgrade to 4.2.5 or above
Acknowledgement
Reported by CERT/CC