CVE-2016-4965

Name of the Vulnerable Software and Affected Versions Fortinet FortiWan (formerly AscernLink) versions prior to 4.2.5

Description The issue allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges. This is achieved via the graph parameter to the "diagnosis control.php" API endpoint.

Recommendations For versions prior to 4.2.5, update to version 4.2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the "diagnosis control.php" API endpoint and the graph parameter to minimize the risk of exploitation.