CRITICAL🇵🇱 Wersja polska

CVE-2021-26102

CVSS 9.8v3.1pub. 2024-12-19upd. 2025-01-21

A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value.

🤖 AI Analysis
How it works

The attacker sends a specially crafted HTTP POST request containing a relative path sequence (relative path traversal, CWE-23), thereby bypassing authentication and access control mechanisms (CWE-305). The vulnerability allows operating on arbitrary files outside the permitted directory. Deletion of specific configuration files causes the administrator account password to reset to a default value, opening full access to the device.

Impact

An attacker without any privileges can delete critical system files and reset the administrator password to a default value, which in practice leads to complete takeover of the FortiWAN device.

Mitigation & patch

FortiWAN should be updated to a version higher than 4.5.7. Detailed information about available patches is available in the vendor's guide at https://fortiguard.fortinet.com/psirt/FG-IR-21-048. Until the update is applied, it is recommended to restrict access to the device management interface only to trusted networks and IP addresses.

Who is affected

Fortinet FortiWAN version 4.5.7 and earlier, as well as all versions of the 4.4 branch

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Fortinet Fortiwan

    APP
    Fortinet
    4.4.0 – 4.5.8 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2021-26114CRITICAL9.8ten sam produkt

Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN before...

CVE-2021-26115HIGH7.8ten sam produkt

An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Interface may ...

CVE-2023-44252HIGH8.8ten sam produkt

** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version...

CVE-2023-44251HIGH8.3ten sam produkt

** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal'...

CVE-2022-33869HIGH8.8ten sam produkt

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management ...