Rewterz Threat Advisory – CVE-2021-42753 – Fortinet FortiWeb

Severity

High

Analysis Summary

CVE-2021-42753

Fortinet FortiWeb could allow a remote authenticated attacker to traverse directories on the system because user requests are improperly validated. By sending a specially crafted URL request containing “dot dot” sequences (/../), an attacker could delete arbitrary files on the device filesystem.
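
The kind of validation whose absence the summary describes, as an added example (not Fortinet's code and not part of the advisory): a delete routine that resolves the requested name and refuses any path outside its base directory, shown beside the unchecked join. The function names, the `uploads` directory and the file names are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path


def naive_target(base: Path, name: str) -> Path:
    """Weak form: joins the request value to the base with no containment check."""
    return Path(os.path.normpath(base / name))


def safe_target(base: Path, name: str) -> Path:
    """Hardened form: resolve '..' and symlinks, then require containment."""
    base_real = base.resolve(strict=True)
    candidate = (base_real / name).resolve(strict=False)
    if base_real not in candidate.parents:
        raise PermissionError(f"path escapes {base_real}: {name!r}")
    return candidate


def delete_file(base: Path, name: str) -> bool:
    """Delete a regular file under base; returns False if it does not exist."""
    target = safe_target(base, name)
    if not target.is_file():
        return False
    target.unlink()
    return True


def demo() -> dict:
    """Run both forms against a constructed directory tree (hypothetical names)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        uploads = root / "uploads"
        uploads.mkdir()
        (uploads / "report.txt").write_text("constructed sample")
        outside = root / "system.conf"
        outside.write_text("must survive")
        # The unchecked join lands on a file outside the base directory.
        result = {"naive_escapes": naive_target(uploads, "../system.conf") == outside}
        result["legit_deleted"] = delete_file(uploads, "report.txt")
        try:
            delete_file(uploads, "../system.conf")
            result["traversal_blocked"] = False
        except PermissionError:
            result["traversal_blocked"] = True
        result["outside_survives"] = outside.exists()
        return result


if __name__ == "__main__":
    print(demo())
```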

Impact

  • Directory Traversal

Affected Vendors

Fortinet

Affected Products

  • Fortinet FortiWeb

Remediation

Refer to the FortiGuard advisory for patch, upgrade, or suggested workaround information.

https://www.fortiguard.com/psirt/FG-IR-21-158