CVE-2021-24008

Name of the Vulnerable Software and Affected Versions FortiDDoS versions 4.4.2 through 5.4.0 FortiDDoS-CM versions 4.7.0 through 5.3.0 FortiVoice versions 6.0.6 and below FortiRecorder versions 6.0.3 and below FortiMail versions 6.0.9 through 6.4.1

Description The issue allows a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file. This exposure of sensitive system information to an unauthorized control sphere may have significant implications for system security.

Recommendations For FortiDDoS versions 4.4.2 through 5.4.0, update to a version outside of the affected range. For FortiDDoS-CM versions 4.7.0 through 5.3.0, update to a version outside of the affected range. For FortiVoice versions 6.0.6 and below, update to a version above 6.0.6. For FortiRecorder versions 6.0.3 and below, update to a version above 6.0.3. For FortiMail versions 6.0.9 through 6.4.1, update to a version outside of the affected range.