Product

fortinet fortiwan

16 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2021-26102
>= 4.4.0 and < 4.5.8
A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-auth
9.8 CRITICAL
CVE-2021-26115
< 4.5.8
An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Interface may allow a local, authe
7.8 HIGH
CVE-2023-44252
all versions
UNSUPPORTED WHEN ASSIGNED An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1
8.8 HIGH
CVE-2023-44251
all versions
UNSUPPORTED WHEN ASSIGNED An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE
8.3 HIGH
CVE-2022-33869
>= 4.0.0 and <= 4.0.6
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiW
8.8 HIGH
CVE-2021-32585
< 4.5.9
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiWAN before 4.5.9 may allow an attack
7.2 HIGH
CVE-2021-26113
< 4.5.9
A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9 may allow an attacker who has pre
6.2 MEDIUM
CVE-2021-32593
<= 4.5.8
A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel Protocol of FortiWAN before 4.5.9
6.5 MEDIUM
CVE-2021-26114
<= 4.5.8
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN before 4.5.9 may allow an
9.8 CRITICAL
CVE-2021-26112
<= 4.5.8
Multiple stack-based buffer overflow vulnerabilities [CWE-121] both in network daemons and in the command line interpreter of Fort
8.1 HIGH
CVE-2021-24009
<= 4.5.8
Multiple improper neutralization of special elements used in an OS command vulnerabilities (CWE-78) in the Web GUI of FortiWAN bef
7.2 HIGH
CVE-2016-4969
<= 4.2.4
Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject
6.1 MEDIUM
CVE-2016-4968
<= 4.2.4
The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to
6.5 MEDIUM
CVE-2016-4967
<= 4.2.4
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a
6.5 MEDIUM
CVE-2016-4966
<= 4.2.4
The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to downlo
6.5 MEDIUM
CVE-2016-4965
<= 4.2.4
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality t
8.8 HIGH