Every CVE whose affected-product data names Fortinet Fortiwan, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2021-26102 — CVSS 9.8 (critical): A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated…
CVE-2021-26114 — CVSS 9.8 (critical): Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN before 4.5.9 may allow an…
CVE-2016-4965 — CVSS 8.8 (high): Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute…
CVE-2022-33869 — CVSS 8.8 (high): An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiWAN 4.0.0…
CVE-2023-44252 — CVSS 8.8 (high): ** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and…
CVE-2023-44251 — CVSS 8.3 (high): ** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in…
CVE-2021-26112 — CVSS 8.1 (high): Multiple stack-based buffer overflow vulnerabilities [CWE-121] both in network daemons and in the command line interpreter of FortiWAN…
CVE-2021-26115 — CVSS 7.8 (high): An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Interface may allow a local, authenticated…
CVE-2021-24009 — CVSS 7.2 (high): Multiple improper neutralization of special elements used in an OS command vulnerabilities (CWE-78) in the Web GUI of FortiWAN before 4.5.9…
CVE-2021-32585 — CVSS 7.2 (high): An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiWAN before 4.5.9 may allow an attacker to…
CVE-2021-32593 — CVSS 6.5 (medium): A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel Protocol of FortiWAN before 4.5.9 may…
CVE-2016-4967 — CVSS 6.5 (medium): Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of…
CVE-2016-4968 — CVSS 6.5 (medium): The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover…
CVE-2016-4966 — CVSS 6.5 (medium): The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP…
CVE-2021-26113 — CVSS 6.2 (medium): A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9 may allow an attacker who has previously…
CVE-2016-4969 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject…