CVE-2016-4965
Severity
8.8HIGH
EPSS
7.7%
top 8.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 21
Latest updateMay 17
Description
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9