Login Sign Up

CVE-2021-24013

8.8 HIGH
Path Traversal

📋 TL;DR

This path traversal vulnerability in FortiMail webmail allows authenticated users to access unauthorized files and data through specially crafted web requests. It affects FortiMail systems before version 6.4.4. Regular users with webmail access can exploit this to read sensitive files on the system.

💻 Affected Systems

Products:
  • FortiMail
Versions: All versions before 6.4.4
Operating Systems: Fortinet's custom OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the webmail component specifically. Requires user authentication to exploit.

📦 What is this software?

Fortimail by Fortinet

View all CVEs affecting Fortimail →

Fortimail by Fortinet

View all CVEs affecting Fortimail →

Fortimail by Fortinet

View all CVEs affecting Fortimail →

Fortimail by Fortinet

View all CVEs affecting Fortimail →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could read sensitive system files, configuration files, or user data, potentially leading to credential theft, privilege escalation, or complete system compromise.

🟠

Likely Case

Authenticated users accessing unauthorized files containing configuration data, user information, or other sensitive data stored on the FortiMail system.

🟢

If Mitigated

With proper access controls and monitoring, impact would be limited to unauthorized file reads that are detected and blocked.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated user access to webmail. Path traversal vulnerabilities are typically easy to exploit once discovered.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.4.4 and later

Vendor Advisory: https://fortiguard.com/advisory/FG-IR-21-014

Restart Required: Yes

Instructions:

1. Backup current configuration. 2. Download FortiMail 6.4.4 or later from Fortinet support portal. 3. Upload and install the firmware update through the web interface. 4. Reboot the system after installation completes.

🔧 Temporary Workarounds

Restrict Webmail Access

all

Limit webmail access to only necessary users and implement network segmentation

Implement WAF Rules

all

Add web application firewall rules to block path traversal patterns

🧯 If You Can't Patch

  • Implement strict access controls and monitor webmail access logs for suspicious activity
  • Consider disabling webmail access if not essential for business operations

🔍 How to Verify

Check if Vulnerable:

Check FortiMail version via web interface: System > Dashboard > System Information

Check Version:

show system status (via CLI) or check web interface dashboard

Verify Fix Applied:

Verify version is 6.4.4 or later and test webmail functionality

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in webmail logs
  • Multiple failed path traversal attempts
  • Access to files outside normal webmail directories

Network Indicators:

  • HTTP requests containing '../' patterns or unusual file paths

SIEM Query:

source="fortimail" AND (http_uri="*../*" OR http_uri="*..\\*" OR http_uri="*%2e%2e%2f*")

📊 Metadata

CVE ID: CVE-2021-24013
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-22
Published: July 12, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-24013, you might also want to check these:

CVE-2024-43955 10.0

CVE-2024-43955 is an unauthenticated path traversal vulnerability in the Droip WordPress plugin that...

Same vulnerability type (CWE-22)
CVE-2025-54261 10.0

This critical path traversal vulnerability in Adobe ColdFusion allows attackers to escape restricted...

Same vulnerability type (CWE-22)
CVE-2024-40628 10.0

This critical vulnerability in JumpServer allows attackers to read arbitrary files from the Celery c...

Same vulnerability type (CWE-22)