Main Vulnerability Database Vulnerabilities #VU54731

#VU54731 Path traversal in FortiMail - CVE-2021-24013

Published: July 13, 2021

Vulnerability identifier: #VU54731

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2021-24013

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FortiMail

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote user can send a specially crafted HTTP request and read arbitrary files on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.

Remediation

Install update from vendor's website.

External links

https://fortiguard.com/advisory/FG-IR-21-014

#VU54731 Path traversal in FortiMail - CVE-2021-24013

Description

Remediation

External links

Please verify you're human