Vulnerability Details CVE-2021-3378
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.92
EPSS Ranking 99.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/161601/FortiLogger-4.4.2.2-Arbitrary-File-Upload.html
- http://packetstormsecurity.com/files/161974/FortiLogger-Arbitrary-File-Upload.html
- https://github.com/erberkan/fortilogger_arbitrary_fileupload
- http://packetstormsecurity.com/files/161601/FortiLogger-4.4.2.2-Arbitrary-File-Upload.html
- http://packetstormsecurity.com/files/161974/FortiLogger-Arbitrary-File-Upload.html
- https://github.com/erberkan/fortilogger_arbitrary_fileupload
Products affected by CVE-2021-3378
-
cpe:2.3:a:fortilogger:fortilogger:3.1.5
-
cpe:2.3:a:fortilogger:fortilogger:3.1.7
-
cpe:2.3:a:fortilogger:fortilogger:3.2.1
-
cpe:2.3:a:fortilogger:fortilogger:3.2.2
-
cpe:2.3:a:fortilogger:fortilogger:3.4.1
-
cpe:2.3:a:fortilogger:fortilogger:3.6.2
-
cpe:2.3:a:fortilogger:fortilogger:4.2.1
-
cpe:2.3:a:fortilogger:fortilogger:4.2.5
-
cpe:2.3:a:fortilogger:fortilogger:4.4.2
-
cpe:2.3:a:fortilogger:fortilogger:4.4.2.2