Arbitrary Command Execution with Root Privileges in Fortinet FortiWan (formerly AscernLink)
CVE-2016-4965 · HIGH Severity
AV:N/AC:L/AU:S/C:C/I:C/A:C
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.
Learn more about our User Device Pen Test.