| IR Number | FG-IR-21-181 |
| Date | Dec 7, 2021 |
| Severity |
High |
| CVSSv3 Score | 7.3 |
| Impact | Escalation of privilege |
| CVE ID | CVE-2021-41024 |
| Affected Products |
FortiProxy
:
7.0.0
FortiOS
:
7.0.1, 7.0.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiOS & FortiProxy -- Path traversal vulnerability
Summary
A relative path traversal [CWE-23] vulnerabiltiy in FortiOS and FortiProxy may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page.
Affected Products
FortiGate versions 7.0.1 and 7.0.0.
FortiGate versions 6.2.x, 6.4.x are NOT impacted by this vulnerability.
FortiProxy version 7.0.0.
Solutions
Please upgrade to FortiGate version 7.0.2 or above.
Please upgrade to FortiProxy version 7.0.1 or above.