{"cve":{"cve_id":"CVE-2021-41024","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.0155,"epss_percentile":0.71866,"epss_as_of":"2026-06-23","description":"A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page.","published_at":"2021-12-08T12:11:04Z","last_modified_at":null,"cvss_v3_score":7.5,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:X/RC:X","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":true,"ssvc_technical_impact":"partial","cwes":null,"nvd_references":["https://fortiguard.com/advisory/FG-IR-21-181"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:16:11.392586Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"N","value_label":"None"},{"metric":"E","name":"E","value":"F","value_label":"F"},{"metric":"RL","name":"RL","value":"X","value_label":"X"},{"metric":"RC","name":"RC","value":"X","value_label":"X"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"fortinet","vendor_name":"fortinet","product_slug":"fortinet-fortios","product_name":"Fortinet FortiOS","version_start":"FortiOS 7.0.1, 7.0.0 FortiProxy 7.0.0","version_start_inclusive":true,"version_end":"FortiOS 7.0.1, 7.0.0 FortiProxy 7.0.0","version_end_inclusive":true,"cpe23_uri":"cve5:fortinet:fortinet-fortios:FortiOS 7.0.1, 7.0.0 FortiProxy 7.0.0:FortiOS 7.0.1, 7.0.0 FortiProxy 7.0.0"}],"exploit_refs":[],"news":[],"references":[{"url":"https://fortiguard.com/advisory/FG-IR-21-181","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2021-12-08T12:11:04Z","label":"CVE published","source":null},{"type":"ssvc_changed","at":"2026-06-24T00:31:47.654584Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:47.654584Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:47.654584Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:47.654584Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:47.654584Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:47.654584Z","label":"CVSS score revised","source":"vulnrichment"}]}