CVE-2021-41024 – This vulnerability allows unauthenticated attac... (How to Fix)

Q: What is the severity of CVE-2021-41024?

CVE-2021-41024 has a CVSS score of 7.5 (HIGH). This vulnerability allows unauthenticated attackers to perform path traversal attacks on FortiOS and FortiProxy login pages, potentially exposing sensitive server information. Attackers can inject path traversal sequences in GET requests to access files outside intended directories. Affected systems include FortiOS 7.0.0-7.0.1 and FortiProxy 7.0.0.

📋 TL;DR

This vulnerability allows unauthenticated attackers to perform path traversal attacks on FortiOS and FortiProxy login pages, potentially exposing sensitive server information. Attackers can inject path traversal sequences in GET requests to access files outside intended directories. Affected systems include FortiOS 7.0.0-7.0.1 and FortiProxy 7.0.0.

💻 Affected Systems

Products:

FortiOS
FortiProxy

Versions: FortiOS 7.0.0-7.0.1, FortiProxy 7.0.0

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with web management interface enabled and accessible.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server file system disclosure including configuration files, credentials, and sensitive system information leading to full system compromise.

🟠

Likely Case

Partial information disclosure of web-accessible files, potentially revealing configuration details that could enable further attacks.

🟢

If Mitigated

Limited or no information disclosure due to proper input validation and access controls.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Simple HTTP GET request manipulation required, no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FortiOS 7.0.2+, FortiProxy 7.0.1+

Vendor Advisory: https://fortiguard.com/advisory/FG-IR-21-181

Restart Required: Yes

Instructions:

1. Backup current configuration. 2. Download and install FortiOS 7.0.2+ or FortiProxy 7.0.1+ from Fortinet support portal. 3. Apply firmware update via web interface or CLI. 4. Reboot device. 5. Verify version update.

🔧 Temporary Workarounds

Restrict Web Interface Access

all

Limit access to management interface using firewall rules or access controls.

Disable Unnecessary Web Services

all

Turn off web management interface if not required for operations.

🧯 If You Can't Patch

Implement strict network segmentation to isolate affected devices
Deploy WAF with path traversal protection rules

🔍 How to Verify

Check if Vulnerable:

Check FortiOS/FortiProxy version via web interface or CLI 'get system status' command.

Check Version:

get system status | grep Version

Verify Fix Applied:

Verify version is FortiOS 7.0.2+ or FortiProxy 7.0.1+ and test path traversal attempts return proper errors.

📡 Detection & Monitoring

Log Indicators:

HTTP GET requests with ../ sequences to login page
Unusual file access patterns in web logs

Network Indicators:

HTTP requests containing path traversal patterns to management interface

SIEM Query:

source="fortigate" AND (url="*../*" OR url="*..\\*" OR url="*%2e%2e%2f*") AND uri_path="/login*"

📊 Metadata

CVE ID: CVE-2021-41024

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-22

Published: December 8, 2021

Last Updated: November 21, 2024

🔗 References

https://fortiguard.com/advisory/FG-IR-21-181 Patch,Vendor Advisory
https://fortiguard.com/advisory/FG-IR-21-181 Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-41024, you might also want to check these: