PSIRT Advisory

FortiWAN Multiple Vulnerabilities

Summary

FortWan 4.2.4 and below is exposed to cross site scripting, information leak and escalation of privilege vulnerabilities.
CVE-2016-4965: Non-administrative authenticated user having access privileges to the nslookup functionality can perform OS command injection in the root user context

CVE-2016-4966: Non-administrative authenticated user  having access privileges to change the HTTP Get param "UserName" to "Administrator" may access PCAP files

CVE-2016-4967: Non-administrative authenticated user may access configuration information and/or PCAP files via specific URLs

CVE-2016-4968: Non-administrative authenticated user may obtain administrator cookie via specific GET requests

CVE-2016-4969: Persistent XSS

Impact

XSS, information leak, escalation of privilege

Affected Products

FortiWan 4.2.4 and below

Solutions

Upgrade to 4.2.5 or above

Acknowledgement

Reported by CERT/CC