Details of VAR-202112-0330

ID

VAR-202112-0330

CVE

CVE-2021-41024

TITLE

FortiOS and FortiProxy Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-015884

DESCRIPTION

A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page. FortiOS and FortiProxy Exists in a past traversal vulnerability.Information may be obtained. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam

Trust: 1.71

sources: NVD: CVE-2021-41024 // JVNDB: JVNDB-2021-015884 // VULHUB: VHN-402294

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortios	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	7.0.1	Trust: 1.0
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	7.0.1	Trust: 0.8
vendor:	フォーティネット	model:	fortiproxy	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	7.0.0	Trust: 0.8

sources: JVNDB: JVNDB-2021-015884 // NVD: CVE-2021-41024

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-41024
value:	HIGH
Trust: 1.0
psirt@fortinet.com:	CVE-2021-41024
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-41024
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202112-531
value:	HIGH
Trust: 0.6
VULHUB:	VHN-402294
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-41024
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-402294
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-41024
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-015884
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-402294 // JVNDB: JVNDB-2021-015884 // CNNVD: CNNVD-202112-531 // NVD: CVE-2021-41024 // NVD: CVE-2021-41024

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.1
problemtype:	Path traversal (CWE-22) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-402294 // JVNDB: JVNDB-2021-015884 // NVD: CVE-2021-41024

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-531

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202112-531

PATCH

title:	FG-IR-21-181	url:	https://www.fortiguard.com/psirt/FG-IR-21-181	Trust: 0.8
title:	Fortinet FortiOS Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173873	Trust: 0.6

sources: JVNDB: JVNDB-2021-015884 // CNNVD: CNNVD-202112-531

EXTERNAL IDS

db:	NVD	id:	CVE-2021-41024	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-015884	Trust: 0.8
db:	CNNVD	id:	CNNVD-202112-531	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.4147	Trust: 0.6
db:	CS-HELP	id:	SB2021120718	Trust: 0.6
db:	CNVD	id:	CNVD-2021-101142	Trust: 0.1
db:	VULHUB	id:	VHN-402294	Trust: 0.1

sources: VULHUB: VHN-402294 // JVNDB: JVNDB-2021-015884 // CNNVD: CNNVD-202112-531 // NVD: CVE-2021-41024

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-21-181	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41024	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2021.4147	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021120718	Trust: 0.6
url:	https://vigilance.fr/vulnerability/fortios-directory-traversal-via-login-page-37027	Trust: 0.6

sources: VULHUB: VHN-402294 // JVNDB: JVNDB-2021-015884 // CNNVD: CNNVD-202112-531 // NVD: CVE-2021-41024

SOURCES

db:	VULHUB	id:	VHN-402294
db:	JVNDB	id:	JVNDB-2021-015884
db:	CNNVD	id:	CNNVD-202112-531
db:	NVD	id:	CVE-2021-41024

LAST UPDATE DATE

2024-08-14T14:02:55.071000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-402294	date:	2021-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-015884	date:	2022-12-01T07:33:00
db:	CNNVD	id:	CNNVD-202112-531	date:	2021-12-15T00:00:00
db:	NVD	id:	CVE-2021-41024	date:	2021-12-09T19:26:22.320

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-402294	date:	2021-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-015884	date:	2022-12-01T00:00:00
db:	CNNVD	id:	CNNVD-202112-531	date:	2021-12-08T00:00:00
db:	NVD	id:	CVE-2021-41024	date:	2021-12-08T13:15:07.957