By Richard Chirgwin, 7th September 2016 03:55

Hello, Fortinet? Could you patch these vulns please?

Oh, and CERT's left a message or two

Fortinet's load balancer has been found to include a bunch of vulnerabilities, and so far, the Carnegie-Mellon CERT hasn't been able to determine whether or not they've all been patched.

In its advisory, the CERT says FortiWAN is subject to command injections, information exposure, and cross-site scripting attacks.

As the advisory states: “An authenticated but low-privileged (non-administrator) account may be able to execute OS commands in the root context, capture network traffic through the FortiWAN device, obtain appliance system configuration, or conduct cross-site scripting attacks against administrator users.”

While one of the vulnerabilities in the list has been fixed in FortiWAN 4.2.5, the advisory continues: “It is currently unclear if the remaining vulnerabilities in this Vulnerability Note were also addressed in this release.”

The vulns are as follows:

  • CVE-2016-4966 – Fixed: a bug in diagnosis_control.php, an authentication bypass that lets an attacker get a dump of captured packets;
  • CVE-2016-4965 – Operating system command injection, also via diagnosis_control.php;
  • CVE-2016-4967 – A privilege escalation bug that lets a lower-privilege user get a backup of the device configuration;
  • CVE-2016-4968 – A user with low privileges can get the admin login cookie with a simple GET request; and
  • CVE-2016-4969 – Cross-site scripting via the /script/statistics/getconn.php file's IP parameter.
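A defender reading this list will want a quick way to spot traffic touching the two endpoints the advisory names. The scanner below is an added example, not code from CERT, Fortinet or Virgoteam: it reads web-server access-log lines in Common Log Format (the appliance's real log layout is not given on the page, so that format, the sample lines and the client addresses are constructed assumptions), flags any request to `diagnosis_control.php` (the packet-capture and command-injection surface of CVE-2016-4966 and CVE-2016-4965), and flags a request to `/script/statistics/getconn.php` whose `IP` parameter does not parse as an IP address, which is the shape an injection attempt against the CVE-2016-4969 sink would take. The directory holding `diagnosis_control.php` is not on the page, so it is matched by file name only.

```python
"""Flag access-log requests that touch the FortiWAN endpoints named in the
CERT advisory (CVE-2016-4965..4969). Added example, not CERT or Fortinet code;
the log format, sample lines and client addresses are constructed."""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Apache/nginx Common Log Format. The appliance's own log layout is not on the
# page, so this format is an assumption made for the example.
CLF_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)

# Endpoints named in the advisory. The directory of diagnosis_control.php is
# not given on the page, so it is matched by file name only.
DIAG_SCRIPT = "diagnosis_control.php"
GETCONN_PATH = "/script/statistics/getconn.php"


def is_ip_address(value: str) -> bool:
    """True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def scan_access_log(text: str) -> list[dict]:
    """Return one finding per suspicious request: any hit on
    diagnosis_control.php, or a getconn.php request whose IP parameter
    is not actually an IP address (the XSS sink named in the advisory)."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = CLF_RE.match(line)
        if not m:
            continue  # not CLF; skip rather than guess at the layout
        parsed = urlsplit(m.group("target"))
        path = parsed.path
        if path.rsplit("/", 1)[-1] == DIAG_SCRIPT:
            findings.append({"line": line_no, "client": m.group("client"),
                             "reason": "request to diagnosis_control.php"})
        if path == GETCONN_PATH:
            # parse_qs percent-decodes values; key match is case-insensitive
            params = {k.lower(): v for k, v in parse_qs(parsed.query).items()}
            for value in params.get("ip", []):
                if not is_ip_address(value):
                    findings.append({"line": line_no, "client": m.group("client"),
                                     "reason": f"non-address IP parameter: {value!r}"})
    return findings


# Constructed sample log: one normal getconn.php query, one with markup in the
# IP parameter, one diagnosis_control.php hit, one unrelated request.
SAMPLE_LOG = (
    '10.0.0.5 - - [07/Sep/2016:03:55:01 +0000] "GET /script/statistics/getconn.php?IP=192.0.2.10 HTTP/1.1" 200 512\n'
    '10.0.0.9 - - [07/Sep/2016:03:55:07 +0000] "GET /script/statistics/getconn.php?IP=%3Cb%3Ebold%3C%2Fb%3E HTTP/1.1" 200 640\n'
    '10.0.0.9 - - [07/Sep/2016:03:55:09 +0000] "GET /diagnosis_control.php HTTP/1.1" 200 204800\n'
    '10.0.0.5 - - [07/Sep/2016:03:55:12 +0000] "GET /index.php HTTP/1.1" 200 1024\n'
)

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"line {f['line']} from {f['client']}: {f['reason']}")
```

Run against the sample it reports lines 2 and 3 only. The point of the `IP` check is that a parameter which is documented to carry an address has a tight, machine-checkable grammar, so anything that fails `ipaddress.ip_address` is worth a look regardless of what payload it carries; the `diagnosis_control.php` check is deliberately blunt, because on a device where that script is reachable by low-privilege accounts every hit deserves review until the release that fixes the remaining CVEs is confirmed.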

The vulns were reported to the CERT by Virgoteam. ®
