| IR Number | FG-IR-21-158 |
| Date | Feb 1, 2022 |
| Severity |
High |
| CVSSv3 Score | 7.9 |
| Impact | Execute unauthorized code or commands |
| CVE ID | CVE-2021-42753 |
| Affected Products |
FortiWeb
:
7.0.0, 6.4.2, 6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.18, 6.3.17, 6.3.16, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.1.4, 6.1.3, 6.1.2, 6.1.1, 6.1.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiWeb - arbitrary file/directory deletion
Summary
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem.
Affected Products
FortiWeb 6.4.1 and below.
FortiWeb 6.3.15 and below.
FortiWeb 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x.
Solutions
Please upgrade to FortiWeb 6.4.2 or above.
Please upgrade to FortiWeb 6.3.16 or above.