Home

Description

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem.

PUBLISHED Reserved 2021-10-20 | Published 2022-02-02 | Updated 2024-10-22 | Assigner fortinet




HIGH: 8.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:U/RC:C

References

fortiguard.com/psirt/FG-IR-21-158

fortiguard.com/psirt/FG-IR-21-158

cve.org (CVE-2021-42753)

nvd.nist.gov (CVE-2021-42753)

Download JSON