Arbitrary File and Directory Deletion Vulnerability in FortiWeb Management Interface

Arbitrary File and Directory Deletion Vulnerability in FortiWeb Management Interface

CVE-2021-42753 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem.

Learn more about our Web App Pen Testing.