The vulnerability of the traffic balancing system with integrated WEB-security and data filtering services provided by FortiWAN arises from errors in processing the relative path to the catalog. This allows attackers to bypass authentication processes, delete arbitrary files, and reset the administrator password to a default value.

🗓️ 12 May 2021 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

FortiWAN path handling flaw bypasses authentication and allows file deletion and password reset.

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability of the FortiWAN traffic balancing system, related to errors in processing the relative path to the catalog, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.	12 May 202100:00	–	bdu_fstec
Circl	CVE-2021-26102	19 Dec 202414:00	–	circl
CNNVD	Fortinet FortiWAN 授权问题漏洞	28 Apr 202100:00	–	cnnvd
CVE	CVE-2021-26102	19 Dec 202413:56	–	cve
Cvelist	CVE-2021-26102	19 Dec 202413:56	–	cvelist
Fortinet	Authentication bypass in FortiWAN	27 Apr 202100:00	–	fortinet
NVD	CVE-2021-26102	19 Dec 202414:15	–	nvd
Positive Technologies	PT-2021-2813 · Fortinet · Fortiwan	27 Apr 202100:00	–	ptsecurity
RedhatCVE	CVE-2021-26102	6 Feb 202503:34	–	redhatcve
Vulnrichment	CVE-2021-26102	19 Dec 202413:56	–	vulnrichment

Vulners

Node

fortinet fortiwanRange≤4.5.7

Source	Link
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2021042805
fortiguard	www.fortiguard.com/psirt/FG-IR-21-048
securitylab	www.securitylab.ru/vulnerability/519428.php
safe-surf	www.safe-surf.ru/upload/VULN/VULN-20210430.3.pdf
web	www.web.nvd.nist.gov/view/vuln/detail
fortiguard	www.fortiguard.com/psirt/FG-IR-21-048

02 Dec 2021 00:00Current

7.9High risk

Vulners AI Score7.9

CVSS 210

CVSS 310

EPSS0.60812

FortiWAN path handling flaw authentication bypass file deletion password reset crafted requests