CVE-2016-4965

Published: Sep 21, 2016Modified: May 6, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.

Affected (1)

Products: Fortinet: Fortiwan

Fortinet

1 product

Fortiwan

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiwan	Up to 4.2.4

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (8)

http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4.2.5-release-notes.pdf

Source: cve@mitre.org

Release Notes

http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/92779

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://www.kb.cert.org/vuls/id/724487

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4.2.5-release-notes.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/92779

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.kb.cert.org/vuls/id/724487

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.