Vulnerability DatabaseCVE-2021-41024

CVE-2021-41024:
FortiOS vulnerability analysis and mitigation

Overview

A relative path traversal vulnerability (CVE-2021-41024) was discovered in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy version 7.0.0. The vulnerability was disclosed on December 7, 2021, and received a High severity rating with a CVSS v3.1 score of 7.5 (Fortinet Advisory, NVD).

Technical details

The vulnerability is classified as a path traversal issue [CWE-22] that allows an unauthenticated, unauthorized attacker to inject path traversal character sequences via the GET request of the login page. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating network accessibility, low attack complexity, no privileges required, and no user interaction needed (NVD).

Impact

If exploited, this vulnerability allows attackers to disclose sensitive information from the server. The impact is primarily focused on confidentiality, with high potential for information disclosure, while integrity and availability are not affected (Fortinet Advisory).

Mitigation and workarounds

Fortinet has released patches to address this vulnerability. Users should upgrade FortiGate to version 7.0.2 or above, and FortiProxy to version 7.0.1 or above. FortiGate versions 6.2.x and 6.4.x are not impacted by this vulnerability (Fortinet Advisory).

Community reactions

Fortinet acknowledged Mohammed Eldeeb from Spark Engineering Consultants for reporting this vulnerability under responsible disclosure (Fortinet Advisory).

Additional resources

Source: This report was generated using AI

Related FortiOS vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-25249	CRITICAL	9.8	FortiOS	cpe:2.3:o:fortinet:fortios	No	Yes	Jan 13, 2026
CVE-2025-59718	CRITICAL	9.8	FortiOS	cpe:2.3:a:fortinet:fortiproxy	Yes	Yes	Dec 09, 2025
CVE-2024-47570	MEDIUM	6.6	FortiOS	cpe:2.3:a:fortinet:fortiproxy	No	Yes	Dec 09, 2025
CVE-2025-62631	MEDIUM	5.6	FortiOS	cpe:2.3:o:fortinet:fortios	No	Yes	Dec 09, 2025
CVE-2024-40593	MEDIUM	4.4	FortiOS	cpe:2.3:o:fortinet:fortios	No	Yes	Dec 11, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2021-41024: FortiOS vulnerability analysis and mitigation