FortiOS & FortiProxy -- Path traversal vulnerability
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-21-181
Final
1
1
2021-12-07T00:00:00
Current version
2021-12-07T00:00:00
2021-12-07T00:00:00
A relative path traversal [CWE-23] vulnerabiltiy in FortiOS and FortiProxy may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page.
None
Escalation of privilege
FortiGate versions 7.0.1 and 7.0.0. FortiGate versions 6.2.x, 6.4.x are NOT impacted by this vulnerability. FortiProxy version 7.0.0.
Please upgrade to FortiGate version 7.0.2 or above. Please upgrade to FortiProxy version 7.0.1 or above.
Fortinet is pleased to thank Mohammed Eldeeb from Spark Engineering Consultants for reporting this vulnerability under responsible disclosure.
FortiProxy 7.0.0
FortiOS 7.0.1
FortiOS 7.0.0
FortiOS & FortiProxy -- Path traversal vulnerability
CVE-2021-41024
FortiProxy-7.0.0
FortiOS-7.0.1
FortiOS-7.0.0
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-21-181
FortiOS & FortiProxy -- Path traversal vulnerability
Reference>