Remote Authentication Cookie Disclosure in Fortinet FortiWan (formerly AscernLink) before 4.2.5

Remote Authentication Cookie Disclosure in Fortinet FortiWan (formerly AscernLink) before 4.2.5

CVE-2016-4968 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request.

Learn more about our Cis Benchmark Audit For Fortinet.