CVE-2021-43070

CWE-22 Path Traversal | 4 documents | 4 sources

Severity: 6.5 MEDIUM
EPSS: 0.4% (top 40.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 2 | Latest update Mar 3

Description

Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.5

Affected Packages (2 packages)

NVD | fortinet/fortiwlm | 8.3.0 | 8.3.3 | +4
CVEListV5 | fortinet/fortinet_fortiwlm | FortiWLM 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2

🔴 Vulnerability Details (2)

GHSA | GHSA-x7gj-6vhf-hvmm: Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8 | 2022-03-03
CVEList | CVE-2021-43070: Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8 | 2022-03-02

📋 Vendor Advisories (1)

Fortinet | Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and be... | 2022-03-02