An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-21-158 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2022-02-02T10:46:53
Updated: 2024-08-04T03:38:50.205Z
Reserved: 2021-10-20T00:00:00
Link: CVE-2021-42753
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-02-02T11:15:07.833
Modified: 2022-02-07T14:48:54.657
Link: CVE-2021-42753
Redhat
No data.