A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.fortinet.com/psirt/FG-IR-21-048 |
![]() ![]() |
History
Tue, 21 Jan 2025 20:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Fortinet
Fortinet fortiwan |
|
Weaknesses | CWE-22 | |
CPEs | cpe:2.3:a:fortinet:fortiwan:*:*:*:*:*:*:*:* | |
Vendors & Products |
Fortinet
Fortinet fortiwan |
Thu, 19 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 19 Dec 2024 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value. | |
Weaknesses | CWE-305 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: fortinet
Published: 2024-12-19T13:56:38.177Z
Updated: 2024-12-19T15:17:08.639Z
Reserved: 2021-01-25T14:47:15.095Z
Link: CVE-2021-26102

Updated: 2024-12-19T15:16:21.331Z

Status : Analyzed
Published: 2024-12-19T14:15:05.380
Modified: 2025-01-21T20:29:43.850
Link: CVE-2021-26102

No data.