Authentication bypass in FortiWAN

2021-04-2700:00:00

FortiGuard Labs

www.fortiguard.com

JSON

A relative path traversal vulnerability (CWE-23) in FortiWAN may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value.

CPENameOperatorVersion
ascenlinkeq7.2.9
ascenlinkeq7.2.8
ascenlinkeq7.2.7
ascenlinkeq7.2.6
ascenlinkeq7.2.5
ascenlinkeq7.2.4
ascenlinkeq7.2.3
ascenlinkeq7.2.23
ascenlinkeq7.2.22
ascenlinkeq7.2.21

Name	Operator	Version
ascenlink	eq	7.2.9
ascenlink	eq	7.2.8
ascenlink	eq	7.2.7
ascenlink	eq	7.2.6
ascenlink	eq	7.2.5
ascenlink	eq	7.2.4
ascenlink	eq	7.2.3
ascenlink	eq	7.2.23
ascenlink	eq	7.2.22
ascenlink	eq	7.2.21

Rows per page:

1-10 of 321

JSON

Related for FG-IR-21-048