{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T09:07:10.418","vulnerabilities":[{"cve":{"id":"CVE-2021-41024","sourceIdentifier":"psirt@fortinet.com","published":"2021-12-08T13:15:07.957","lastModified":"2024-11-21T06:25:17.477","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page."},{"lang":"es","value":"Una vulnerabilidad de salto de ruta relativa [CWE-23] en FortiOS versiones 7.0.0 y 7.0.1 y en FortiProxy versión 7.0.0, puede permitir a un atacante no autenticado y no autorizado inyectar secuencias de caracteres de salto de ruta para revelar información confidencial del servidor por medio de la petición GET de la página de inicio de sesión"}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D909C90B-E136-4E8E-B551-FE0369172C1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*","matchCriteriaId":"79FEE7F6-F72E-4A43-883C-0CF492DF355B"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*","matchCriteriaId":"FBDFDF02-2136-4DE0-A19B-FE3654ED90A4"}]}]}],"references":[{"url":"https://fortiguard.com/advisory/FG-IR-21-181","source":"psirt@fortinet.com","tags":["Patch","Vendor Advisory"]},{"url":"https://fortiguard.com/advisory/FG-IR-21-181","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}