CVE-2021-41024

CWE-22 Path Traversal | 4 documents | 4 sources

Severity: 7.5 HIGH
EPSS: 1.0% (top 23.06%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 8 | Latest update Dec 9

Description

A relative path traversal [CWE-23] vulnerability in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy version 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

NVD: fortinet/fortios 7.0.0, 7.0.1 (+1)
CVEListV5: fortinet/fortinet_fortios FortiOS 7.0.1, 7.0.0 FortiProxy 7.0.0

Patches

Vulnerability Details (2)

GHSA: GHSA-ff2w-m935-v55x: A relative path traversal [CWE-23] vulnerability in FortiOS versions 7 | 2021-12-09
CVEList: CVE-2021-41024: A relative path traversal [CWE-23] vulnerability in FortiOS versions 7 | 2021-12-08

Vendor Advisories (1)

Fortinet: A relative path traversal [CWE-23] vulnerability in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy version 7.0.0 may al... | 2021-12-08
CVE-2021-41024 (HIGH CVSS 7.5) | A relative path traversal [CWE-23] | cvebase.io