CVE-2021-41024

HIGH

FortiProxy 7.0.0 and FortiOS 7.0.0-7.0.1 - Unauthenticated Path Traversal via Login Page GET Request

Title source: llm
STIX 2.1

Description

A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://fortiguard.com/advisory/FG-IR-21-181

Scores

CVSS v3 7.5
EPSS 0.0100
EPSS Percentile 77.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (3)
fortinet/fortios 7.0.0
fortinet/fortios 7.0.1
fortinet/fortiproxy 7.0.0
Published Dec 08, 2021
Tracked Since Feb 18, 2026