CVE-2016-4968

Published: Sep 21, 2016Modified: May 6, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request.

Affected (1)

Products: Fortinet: Fortiwan

Fortinet

1 product

Fortiwan

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiwan	Up to 4.2.4

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4.2.5-release-notes.pdf

Source: cve@mitre.org

Release NotesThird Party Advisory

http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/92779

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://www.kb.cert.org/vuls/id/724487

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4.2.5-release-notes.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/92779

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.kb.cert.org/vuls/id/724487

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.