PT-2022-11355 · Fortinet · Fortiweb

Published: 2022-04-06 · Updated: 2022-04-13 · CVE-2021-41026

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FortiWeb versions 6.3.0 through 6.3.15
FortiWeb version 6.4.0
FortiWeb version 6.4.1

Description

A relative path traversal may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.

Recommendations

For FortiWeb versions 6.3.0 through 6.3.15, 6.4.0, and 6.4.1, update to a version that fixes the relative path traversal issue. As a temporary workaround, consider restricting access to sensitive files on the underlying filesystem until a patch is available.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2021-41026

Affected Products

Fortiweb