CVE-2021-24008

Severity
5.3 MEDIUM
EPSS
0.2%
top 54.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Mar 28

Description

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, FortiVoice version 6.0.6 and below, FortiRecorder version 6.0.3 and below and FortiMail version 6.4.1 and below, version 6.2.4 and below, vers

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 | Impact: 1.4

Affected Packages (8 packages)

NVD | fortinet/fortiddos | 4.4.0 | 5.4.3
CVEListV5 | fortinet/fortiddos | 5.3.0 | 5.3.2 | +8
CVEListV5 | fortinet/fortiddos-cm | 5 versions | +4
NVD | fortinet/fortiddos-cm | 5 versions | +4
NVD | fortinet/fortimail | 6.0.0 | 6.0.10 | +2

Vulnerability Details

2
CVEList
CVE-2021-24008: An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5 | 2025-03-28
GHSA
GHSA-f254-h25h-9hpx: An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5 | 2025-03-28

Vendor Advisories

1
Fortinet
A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail v... | 2022-01-05