CVE-2021-43070

5.4MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet Fortiwlm
Vendor: CVE Published:; 2 March 2022

Summary

Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.

Affected Version(s)

Fortinet FortiWLM FortiWLM 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2

References

https://fortiguard.com/psirt/FG-IR-21-106

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 2, 2022
Vulnerability Reserved
Oct 28, 2021