ID

VAR-202112-0330


CVE

CVE-2021-41024


TITLE

Path traversal vulnerability in FortiOS and FortiProxy

Trust: 0.8

sources: JVNDB: JVNDB-2021-015884

DESCRIPTION

A relative path traversal [CWE-23] vulnerability in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy version 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page. A path traversal vulnerability exists in FortiOS and FortiProxy. Information may be obtained. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam.

Trust: 1.71

sources: NVD: CVE-2021-41024 // JVNDB: JVNDB-2021-015884 // VULHUB: VHN-402294

AFFECTED PRODUCTS

vendor: fortinet // model: fortios // scope: eq // version: 7.0.0

Trust: 1.0

vendor: fortinet // model: fortiproxy // scope: eq // version: 7.0.0

Trust: 1.0

vendor: fortinet // model: fortios // scope: eq // version: 7.0.1

Trust: 1.0

vendor: フォーティネット // model: fortios // scope: eq // version: 7.0.1

Trust: 0.8

vendor: フォーティネット // model: fortiproxy // scope: - // version: -

Trust: 0.8

vendor: フォーティネット // model: fortios // scope: eq // version: 7.0.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-015884 // NVD: CVE-2021-41024

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-41024
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2021-41024
value: HIGH

Trust: 1.0

NVD: CVE-2021-41024
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202112-531
value: HIGH

Trust: 0.6

VULHUB: VHN-402294
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-41024
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-402294
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-41024
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-015884
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-402294 // JVNDB: JVNDB-2021-015884 // CNNVD: CNNVD-202112-531 // NVD: CVE-2021-41024 // NVD: CVE-2021-41024

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.1

problemtype:Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-402294 // JVNDB: JVNDB-2021-015884 // NVD: CVE-2021-41024

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-531

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202112-531

PATCH

title: FG-IR-21-181 // url: https://www.fortiguard.com/psirt/FG-IR-21-181

Trust: 0.8

title: Fortinet FortiOS Repair measures for path traversal vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173873

Trust: 0.6

sources: JVNDB: JVNDB-2021-015884 // CNNVD: CNNVD-202112-531

EXTERNAL IDS

db: NVD // id: CVE-2021-41024

Trust: 3.3

db: JVNDB // id: JVNDB-2021-015884

Trust: 0.8

db: CNNVD // id: CNNVD-202112-531

Trust: 0.7

db: AUSCERT // id: ESB-2021.4147

Trust: 0.6

db: CS-HELP // id: SB2021120718

Trust: 0.6

db: CNVD // id: CNVD-2021-101142

Trust: 0.1

db: VULHUB // id: VHN-402294

Trust: 0.1

sources: VULHUB: VHN-402294 // JVNDB: JVNDB-2021-015884 // CNNVD: CNNVD-202112-531 // NVD: CVE-2021-41024

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-21-181

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-41024

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.4147

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021120718

Trust: 0.6

url:https://vigilance.fr/vulnerability/fortios-directory-traversal-via-login-page-37027

Trust: 0.6

sources: VULHUB: VHN-402294 // JVNDB: JVNDB-2021-015884 // CNNVD: CNNVD-202112-531 // NVD: CVE-2021-41024

SOURCES

db: VULHUB // id: VHN-402294
db: JVNDB // id: JVNDB-2021-015884
db: CNNVD // id: CNNVD-202112-531
db: NVD // id: CVE-2021-41024

LAST UPDATE DATE

2024-08-14T14:02:55.071000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-402294 // date: 2021-12-09T00:00:00
db: JVNDB // id: JVNDB-2021-015884 // date: 2022-12-01T07:33:00
db: CNNVD // id: CNNVD-202112-531 // date: 2021-12-15T00:00:00
db: NVD // id: CVE-2021-41024 // date: 2021-12-09T19:26:22.320

SOURCES RELEASE DATE

db: VULHUB // id: VHN-402294 // date: 2021-12-08T00:00:00
db: JVNDB // id: JVNDB-2021-015884 // date: 2022-12-01T00:00:00
db: CNNVD // id: CNNVD-202112-531 // date: 2021-12-08T00:00:00
db: NVD // id: CVE-2021-41024 // date: 2021-12-08T13:15:07.957