Relative Path Traversal Vulnerabilities in FortiWLM Management Interface by Fortinet
CVE-2021-43070

5.4 MEDIUM

Key Information:

Vendor: Fortinet
CVE Published: 2 March 2022

Summary

Multiple relative path traversal vulnerabilities have been identified in the FortiWLM management interface. These vulnerabilities affect various versions, potentially allowing an authenticated attacker to exploit the interface and retrieve arbitrary files from the underlying filesystem by crafting specific web requests. This poses a significant risk to the security and integrity of the data managed by FortiWLM.

Affected Version(s)

Fortinet FortiWLM 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
