CVE-2016-4965

CVE Database · CVE-2016-4965

CVE-2016-4965

· N/AModified

CVSS v3.1

N/A

EPSS

4.12%

Published

Sep 21, 2016

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.

Weaknesses (CWE)

CWE-78

Affected Products (1)

fortinet · fortiwanvulnerable

References (8)

http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4.2.5-release-notes.pdf

Release Notes

http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities

Vendor Advisory

http://www.securityfocus.com/bid/92779

Third Party AdvisoryVDB Entry

https://www.kb.cert.org/vuls/id/724487

Third Party AdvisoryUS Government Resource

http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4.2.5-release-notes.pdf

Release Notes

http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs