The Channel logo


By | Richard Chirgwin 7th September 2016 03:55

Hello, Fortinet? Could you patch these vulns please?

Oh, and CERT's left a message or two

Fortinet's load balancer has been found to include a bunch of vulnerabilities, and so far, the Carnegie-Mellon CERT hasn't been able to determine whether or not they've all been patched.

In its advisory, the CERT says FortiWAN is subject to command injections, information exposure, and cross-site scripting attacks.

As the advisory states: “An authenticated but low-privileged (non-administrator) account may be able to execute OS commands in the root context, capture network traffic through the FortiWAN device, obtain appliance system configuration, or conduct cross-site scripting attacks against administrator users.”

While one of the vulnerabilities in the list has been fixed in FortiWAN 4.2.5, the advisory continues: “It is currently unclear if the remaining vulnerabilities in this Vulnerability Note were also addressed in this release.”

The vulns are as follows:

  • CVE-2016-4966 – Fixed: a bug in diagnosis_control.php, an authentication bypass that lets an attacker get a dump of captured packets;
  • CVE-2016-4965 – Operating system command injection, also via diagnosis_control.php;
  • CVE-2016-4967 – A privilege escalation bug that lets a lower-privilege user get a backup of the device configuration;
  • CVE-2016-4968 – A user with low privileges can get the admin login cookie with a simple GET request; and
  • CVE-2016-4969 – Cross-site scripting via the /script/statistics/getconn.php file's IP parameter.

The vulns were reported to the CERT by Virgoteam. ®

comment icon Read 2 comments on this article or post a comment alert Send corrections


Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella

Chris Mellor

Thousands of layoffs announced as spinning rust enters its death spiral


STRASBOURG, JUNE 29, 2016: The seat of the European Parliament. by Marco Aprile for shutterstock. EDITORIAL USE ONLY
Plan b, image via Shutterstock
EU workers, new markets: post-Brexit pressure on May & Co
Tough question, pic via Shutterstock
Honest mistake with your licensing? Audit police look at it on a 'case by case basis'