
19/12/2024

21/1/2025
CVE-2021-26102: Path Traversal
First published: Thu Dec 19 2024(Updated: )
A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|
Fortinet FortiWan | <=4.5.7=4.4 | |
Fortinet FortiWan | >=4.4.0<4.5.8 | |
Remedy
Please upgrade to FortiWAN version 4.5.8 or above
Please upgrade to AscenLink version 7.2.24 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-26102?
CVE-2021-26102 is considered a high severity vulnerability due to its potential impact on system integrity.
How do I fix CVE-2021-26102?
To fix CVE-2021-26102, upgrade FortiWAN to version 4.5.8 or later.
Who is affected by CVE-2021-26102?
CVE-2021-26102 affects FortiWAN versions 4.5.7 and below, as well as all versions of 4.4.
What type of vulnerability is CVE-2021-26102?
CVE-2021-26102 is a relative path traversal vulnerability (CWE-23).
What can an attacker do with CVE-2021-26102?
An attacker exploiting CVE-2021-26102 can delete system files, including specific configuration files that may reset the Admin password.
- agent/weakness
- agent/references
- agent/remedy
- agent/first-publish-date
- agent/description
- agent/type
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- vendor/fortinet
- canonical/fortinet fortiwan
- version/fortinet fortiwan/4.4.0
Contact
SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.coBy using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203