PT-2021-6904 · Fortinet · FortiOS, FortiProxy
Published
2021-12-07
·
Updated
2021-12-09
·
CVE-2021-41024
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
FortiOS versions 7.0.0 through 7.0.1
FortiProxy version 7.0.0
Description
A relative path traversal weakness (CWE-23) in FortiOS and FortiProxy may allow an unauthenticated remote attacker to disclose sensitive server information by sending a specially crafted GET request containing path traversal sequences (for example "../") to the login page. No authentication is required and the request is sent over the network. The advisory describes information disclosure only; the CVSS vector (C:C/I:N/A:N) records no integrity or availability impact, so the issue is a read of protected data rather than a modification of the system.
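As an added example (not part of this advisory and not Fortinet's code), the following Python scans web server access log lines for requests to a login page that carry path traversal sequences, decoding single and double URL-encoding before matching so that "%2e%2e%2f" and "%252e%252e%252f" are caught as well as a literal "../". The login paths, the query parameter name "lang" and the log lines themselves are constructed assumptions for illustration; the advisory does not name the vulnerable parameter or endpoint.

```python
import re
from urllib.parse import unquote

# Assumed login endpoints to watch (not taken from the advisory).
LOGIN_PATHS = ("/login", "/remote/login")

# ".." followed by a forward or back slash, checked after decoding.
TRAVERSAL_RE = re.compile(r"\.\.[\\/]")

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})'
)


def normalize(target, rounds=3):
    """Percent-decode repeatedly (bounded) to defeat double encoding, then
    fold backslashes into forward slashes."""
    prev, cur = None, target
    for _ in range(rounds):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur.replace("\\", "/")


def has_traversal(target):
    """True if the decoded request target contains a '..' path component."""
    return bool(TRAVERSAL_RE.search(normalize(target)))


def is_login_request(target):
    """True if the request path (query string stripped) is a watched login page."""
    path = target.split("?", 1)[0]
    return any(path == p or path.startswith(p + "/") for p in LOGIN_PATHS)


def parse_line(line):
    """Return a dict of fields for a well-formed log line, else None."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def scan(lines):
    """Return one hit per request whose target contains a traversal sequence.
    Each hit records the client, method, raw target and whether the request
    was aimed at a login page."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash the scan
        if has_traversal(rec["target"]):
            hits.append({
                "ip": rec["ip"],
                "method": rec["method"],
                "target": rec["target"],
                "login": is_login_request(rec["target"]),
            })
    return hits


# Constructed sample log (not real traffic): one benign login GET, three
# traversal attempts against the login page (plain, encoded, double-encoded),
# one traversal against another resource, a benign POST and a junk line.
SAMPLE_LOG = """\
203.0.113.5 - - [07/Dec/2021:10:00:01 +0000] "GET /remote/login?lang=en HTTP/1.1" 200 1234
203.0.113.7 - - [07/Dec/2021:10:00:02 +0000] "GET /remote/login?lang=../../../../etc/passwd HTTP/1.1" 200 5678
203.0.113.9 - - [07/Dec/2021:10:00:03 +0000] "GET /remote/login?lang=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 5678
198.51.100.2 - - [07/Dec/2021:10:00:04 +0000] "GET /images/logo.png?f=..%2f..%2fetc%2fpasswd HTTP/1.1" 404 210
203.0.113.11 - - [07/Dec/2021:10:00:05 +0000] "GET /remote/login?lang=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 5678
198.51.100.3 - - [07/Dec/2021:10:00:06 +0000] "POST /remote/login HTTP/1.1" 200 88
this line is not an access log entry
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        flag = "LOGIN-PAGE" if hit["login"] else "other"
        print(f'{hit["ip"]} {hit["method"]} {hit["target"]} [{flag}]')
```

The bounded decode loop matters: a single `unquote` misses "%252e%252e%252f", while an unbounded one is a needless risk on hostile input. Matching on the whole request target (path and query) rather than the path alone is deliberate, since the advisory only says the sequences arrive in a GET request to the login page, not where in it.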
Recommendations
Upgrade affected installations (FortiOS 7.0.0 through 7.0.1, FortiProxy 7.0.0) to a release in which Fortinet has fixed this issue, as listed in the vendor advisory.
Until the upgrade is applied, restrict who can reach the login page: do not expose the login interface on untrusted (Internet-facing) interfaces, and limit access to trusted source addresses. Advice to "avoid using GET requests" is not a workaround, since the request is sent by the attacker, not the administrator.
Review web access logs for GET requests to the login page that contain path traversal sequences, including URL-encoded forms, to identify attempts to exploit the issue before the fix is in place.
Fix
Relative Path Traversal
Path traversal
Related Identifiers
Affected Products
FortiOS
FortiProxy