Fortinet · Fortiwan · CVE-2016-4966
**Name of the Vulnerable Software and Affected Versions**
Fortinet FortiWan versions prior to 4.2.5
**Description**
The issue concerns the `diagnosis_control.php` page, where remote authenticated users can download PCAP files. This is related to the `UserName` GET parameter.
**Recommendations**
For versions prior to 4.2.5, update to version 4.2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `diagnosis_control.php` page until the update is applied. Avoid using the `UserName` parameter in the affected page to minimize the risk of exploitation.