CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-26102

A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.138

EPSS Ranking 94.0%

CVSS Severity

CVSS v3 Score 9.8

References

https://fortiguard.fortinet.com/psirt/FG-IR-21-048

Products affected by CVE-2021-26102

Fortinet » Fortiwan » Version: 4.4.0

cpe:2.3:a:fortinet:fortiwan:4.4.0
Fortinet » Fortiwan » Version: 4.4.1

cpe:2.3:a:fortinet:fortiwan:4.4.1
Fortinet » Fortiwan » Version: 4.5.0

cpe:2.3:a:fortinet:fortiwan:4.5.0
Fortinet » Fortiwan » Version: 4.5.1

cpe:2.3:a:fortinet:fortiwan:4.5.1
Fortinet » Fortiwan » Version: 4.5.2

cpe:2.3:a:fortinet:fortiwan:4.5.2
Fortinet » Fortiwan » Version: 4.5.3

cpe:2.3:a:fortinet:fortiwan:4.5.3
Fortinet » Fortiwan » Version: 4.5.4

cpe:2.3:a:fortinet:fortiwan:4.5.4
Fortinet » Fortiwan » Version: 4.5.5

cpe:2.3:a:fortinet:fortiwan:4.5.5
Fortinet » Fortiwan » Version: 4.5.6

cpe:2.3:a:fortinet:fortiwan:4.5.6
Fortinet » Fortiwan » Version: 4.5.7

cpe:2.3:a:fortinet:fortiwan:4.5.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-26102

Products

Pricing

Contact Us