CVE-2016-4966

Name of the Vulnerable Software and Affected Versions Fortinet FortiWan versions prior to 4.2.5

Description The issue concerns the diagnosis control.php page, where remote authenticated users can download PCAP files. This is related to the UserName GET parameter.

Recommendations For versions prior to 4.2.5, update to version 4.2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the diagnosis control.php page until the update is applied. Avoid using the UserName parameter in the affected page to minimize the risk of exploitation.