CVE-2021-41026

CWE-22 Path Traversal | 4 documents | 4 sources
Severity
6.5 MEDIUM
EPSS
0.5%
top 33.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 6
Latest update: Apr 7

Description

A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD | fortinet/fortiweb | 6.3.0 | 6.3.16 | +1
CVEListV5 | fortinet/fortinet_fortiweb | FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15

🔴 Vulnerability Details

2
GHSA
GHSA-pf39-475g-67qc: A relative path traversal in FortiWeb versions 6 | 2022-04-07
CVEList
CVE-2021-41026: A relative path traversal in FortiWeb versions 6 | 2022-04-06

📋 Vendor Advisories

1
Fortinet
A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacke... | 2022-04-06
CVE-2021-41026 (MEDIUM CVSS 6.5) | A relative path traversal in FortiW | cvebase.io