Exposure of Sensitive System Information in Fortinet Products
CVE-2021-24008

5MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiddos; Fortindr; Fortiddos-cm
Vendor: CVE Published:; 28 March 2025

Summary

A vulnerability exists in several Fortinet products, allowing remote unauthenticated attackers to gain access to potentially sensitive system information. This can occur through the reading of exposed JavaScript files that disclose software version data, potentially leading to further exploitation or targeted attacks against the affected systems.

Affected Version(s)

FortiDDoS 5.4.0

FortiDDoS 5.3.0 <= 5.3.2

FortiDDoS 5.2.0

References

https://fortiguard.fortinet.com/psirt/FG-IR-20-105

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 28, 2025
Vulnerability Reserved
Jan 13, 2021