===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.2102
                     FortiWAN Multiple Vulnerabilities
                             8 September 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Fortinet FortiWAN
Publisher:         FortiGuard
Operating System:  Network Appliance
                   VMware ESX Server
Impact/Access:     Root Compromise        -- Existing Account            
                   Access Privileged Data -- Existing Account            
                   Cross-site Scripting   -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-4969 CVE-2016-4968 CVE-2016-4967
                   CVE-2016-4966 CVE-2016-4965 

Original Bulletin: 
   http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities

--------------------------BEGIN INCLUDED TEXT--------------------

FortiWAN Multiple Vulnerabilities

Info

Risk

3 Medium

Date

Sep 07 2016

Impact

XSS, information leak, escalation of privilege

CVE ID

CVE-2016-4965, CVE-2016-4966, CVE-2016-4967, CVE-2016-4968, CVE-2016-4969

Fixed In Firmware

4.2.5 (see Solutions below)

Description

FortiWAN 4.2.4 and below is exposed to cross-site scripting, information leak
and escalation-of-privilege vulnerabilities.

CVE-2016-4965: A non-administrative authenticated user with access to the
nslookup functionality can inject OS commands that execute in the root user
context

CVE-2016-4966: A non-administrative authenticated user may access PCAP files
by changing the HTTP GET parameter "UserName" to "Administrator"

CVE-2016-4967: A non-administrative authenticated user may access
configuration information and/or PCAP files via specific URLs

CVE-2016-4968: A non-administrative authenticated user may obtain the
administrator cookie via specific GET requests

CVE-2016-4969: Persistent (stored) cross-site scripting
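
The root-context command injection in CVE-2016-4965 is an instance of a
general pattern: a diagnostic page pastes a user-supplied host name into a
shell command line. The following is an added example, not FortiWAN's code
(the FortiWAN implementation is not public); it assumes a hypothetical
web handler that takes a "host" field and runs the system nslookup binary,
and shows that vulnerable pattern beside a hardened version that validates
the value against a host-name grammar and never lets a shell parse it.

```python
"""Added example (not FortiWAN code): shell command injection through an
nslookup diagnostic feature, beside a hardened replacement.

Assumed (hypothetical, not from the advisory): a web UI field 'host' that
is handed to the system nslookup binary.  The real FortiWAN code path is
not published; this is the vulnerability class CVE-2016-4965 describes.
"""
import re
import subprocess

# RFC 1123 host name: labels of letters, digits and hyphens, 1-63 chars,
# no leading or trailing hyphen, whole name at most 253 chars.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"^(?:{_LABEL}\.)*{_LABEL}\.?$")


def vulnerable_command(host: str) -> str:
    """The vulnerable pattern: the raw field is concatenated into a command
    line that is then passed to /bin/sh (shell=True or os.system).  Returned
    as a string here rather than executed, so the example stays offline."""
    return "nslookup " + host


def is_valid_hostname(host: str) -> bool:
    """Allow-list check: only syntactically valid host names pass.  Shell
    metacharacters, spaces and a leading '-' (option injection) all fail."""
    return len(host) <= 253 and _HOSTNAME_RE.fullmatch(host) is not None


def build_nslookup_argv(host: str) -> list[str]:
    """Hardened: validate first, then build an argv list.  With a list and
    shell=False there is no shell to interpret ';', '|', '$()' or quotes."""
    if not is_valid_hostname(host):
        raise ValueError("rejected host argument")
    return ["/usr/bin/nslookup", host]


def run_nslookup(host: str, timeout: float = 5.0) -> str:
    """Runs the validated argv without a shell.  Note that this fixes the
    injection but not the privilege problem: if the handler itself runs as
    root, any remaining bug is a root compromise, which is the impact the
    advisory reports.  Diagnostic helpers belong in an unprivileged account."""
    proc = subprocess.run(
        build_nslookup_argv(host),
        capture_output=True, text=True, timeout=timeout, check=False,
    )
    return proc.stdout


if __name__ == "__main__":
    payload = "example.com; id"  # constructed injection attempt
    print(vulnerable_command(payload))         # shell would also run 'id'
    print(is_valid_hostname(payload))          # False
    print(build_nslookup_argv("example.com"))  # ['/usr/bin/nslookup', 'example.com']
```

The validation is deliberately an allow-list (what a host name may look
like) rather than a deny-list of shell characters; the argv form is the
actual fix, the grammar check is defence in depth against option injection
and junk reaching the resolver.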

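CVE-2016-4966 and CVE-2016-4967 are the other recurring class here: the
caller is authenticated, but the decision about what they may fetch is
driven by a client-controlled value (the "UserName" query parameter) or
by the URL simply not being linked from the menu. The following added
example is not FortiWAN's code; it assumes a hypothetical session table
keyed by cookie value, a role per user and a PCAP download handler, and
shows the parameter-trusting check beside one that takes identity and
role only from the server-side session and applies the same check to
every privileged path.

```python
"""Added example (not FortiWAN code): authorization that trusts a
client-supplied 'UserName' parameter, beside a session-based version.

Assumed (hypothetical): a session store keyed by cookie value, a role per
user, and privileged paths for PCAP and configuration downloads.  This is
the vulnerability class of CVE-2016-4966 / CVE-2016-4967, not the product's
actual handlers.
"""
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit


@dataclass(frozen=True)
class Session:
    user: str
    role: str  # "admin" or "user"


# Constructed session table for the example, keyed by session cookie value.
SESSIONS = {
    "c0ffee": Session(user="alice", role="user"),
    "deadbeef": Session(user="Administrator", role="admin"),
}

# Every path that serves configuration or capture data must be checked;
# relying on the link being hidden from non-admin menus is not a control.
PRIVILEGED_PATHS = {"/pcap/download", "/config/export"}


def _params(url: str) -> dict[str, str]:
    """First value of each query parameter."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def vulnerable_can_download_pcap(url: str, cookie: str) -> bool:
    """Vulnerable: authentication is checked (the cookie must map to a
    session), but *who* the caller is comes from the query string, so any
    logged-in user can set UserName=Administrator and pass."""
    if cookie not in SESSIONS:
        return False
    return _params(url).get("UserName") == "Administrator"


def hardened_can_download_pcap(url: str, cookie: str) -> bool:
    """Hardened: identity and role are taken only from the session record.
    A 'UserName' parameter, if present, is ignored for authorization."""
    session = SESSIONS.get(cookie)
    if session is None:
        return False
    return session.role == "admin"


def hardened_authorize_path(url: str, cookie: str) -> bool:
    """The same rule applied centrally: a privileged path requires the admin
    role regardless of how the client found the URL; other paths only need
    a valid session."""
    session = SESSIONS.get(cookie)
    if session is None:
        return False
    if urlsplit(url).path in PRIVILEGED_PATHS:
        return session.role == "admin"
    return True


if __name__ == "__main__":
    url = "/pcap/download?UserName=Administrator&file=1.pcap"
    print(vulnerable_can_download_pcap(url, "c0ffee"))  # True: alice gets the PCAP
    print(hardened_can_download_pcap(url, "c0ffee"))    # False
    print(hardened_authorize_path("/config/export", "c0ffee"))  # False
```

The point of the second function is that the request carries no trusted
statement about the caller: anything in the URL, body or headers other than
the session identifier is attacker-controlled, so role decisions must be
looked up server-side and enforced on every sensitive path, not only on the
ones the UI advertises.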
Affected Products

FortiWAN 4.2.4 and below

Solutions

Upgrade to 4.2.5 or above

Acknowledgement

Reported by CERT/CC

References

http://www.kb.cert.org/vuls/id/724487

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================