Arbitrary Command Execution with Root Privileges in Fortinet FortiWan (formerly AscernLink)

CVE-2016-4965 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.
