| |
Vulnerability CVE-2021-42753
Published: 2022-02-02
| Description: |
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem. |
Type:
CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))
CVSS2 => (AV:N/AC:L/Au:S/C:N/I:C/A:C)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
8.5/10 |
9.2/10 |
8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
None |
Complete |
Complete |
References: |
https://fortiguard.com/psirt/FG-IR-21-158
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
