The Fortinet FortiWAN (AscenLink) network load balancer appliance contains multiple vulnerabilities.
According to the reporter, the Fortinet FortiWAN network load balancer appliance contains the following vulnerabilities.
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') - CVE-2016-4965
An authenticated but low-privileged (non-administrator) account may be able to execute OS commands in the root context, capture network traffic through the FortiWAN device, obtain appliance system configuration, or conduct cross-site scripting attacks against administrator users.
Apply an update
Thanks to Virgoteam (Fan-Syun Shih, Kun-Xian Lin, and Yu-Chi Ding) for reporting these vulnerabilities.
This document was written by Garret Wassermann.