CVE-2021-41024

A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page.

Published: Dec 8, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-41024
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
fortinet / fortios	7.0.0	7.0.0.x
fortinet / fortios	7.0.1	7.0.1.x
fortinet / fortiproxy	7.0.0	7.0.0.x

https://fortiguard.com/advisory/FG-IR-21-181

Vulnerability Database

289,784

CVE-2021-41024