Details of VAR-202503-4051

ID

VAR-202503-4051

CVE

CVE-2021-24008

TITLE

Vulnerabilities in multiple Fortinet products

Trust: 0.8

sources: JVNDB: JVNDB-2021-021880

DESCRIPTION

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, FortiVoice version 6.0.6 and below, FortiRecorder version 6.0.3 and below and FortiMail version 6.4.1 and below, version 6.2.4 and below, version 6.0.9 and below may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file. FortiMail , FortiDDoS , FortiVoice Unspecified vulnerabilities exist in multiple Fortinet products.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2021-24008 // JVNDB: JVNDB-2021-021880

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiddos-cm	scope:	eq	version:	5.1.0	Trust: 1.0
vendor:	fortinet	model:	fortiddos	scope:	gte	version:	4.4.0	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	lt	version:	6.0.7	Trust: 1.0
vendor:	fortinet	model:	fortiddos-cm	scope:	eq	version:	5.2.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	lt	version:	6.4.2	Trust: 1.0
vendor:	fortinet	model:	fortiddos-cm	scope:	eq	version:	5.3.0	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	lt	version:	6.0.4	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	lt	version:	6.0.10	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiddos	scope:	lt	version:	5.4.3	Trust: 1.0
vendor:	fortinet	model:	fortiddos-cm	scope:	eq	version:	4.7.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	lt	version:	6.2.5	Trust: 1.0
vendor:	fortinet	model:	fortiddos-cm	scope:	eq	version:	5.0.0	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	フォーティネット	model:	fortirecorder	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortivoice	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiddos	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortimail	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiddos-cm	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-021880 // NVD: CVE-2021-24008

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com:	CVE-2021-24008
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2021-021880
value:	MEDIUM
Trust: 0.8

psirt@fortinet.com:	CVE-2021-24008
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2021-021880
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-021880 // NVD: CVE-2021-24008

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	information leak (CWE-200) [ others ]	Trust: 0.8
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-021880 // NVD: CVE-2021-24008

PATCH

title:

FG-IR-20-105

url:

https://fortiguard.fortinet.com/psirt/FG-IR-20-105

Trust: 0.8

sources: JVNDB: JVNDB-2021-021880

EXTERNAL IDS

db:	NVD	id:	CVE-2021-24008	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-021880	Trust: 0.8

sources: JVNDB: JVNDB-2021-021880 // NVD: CVE-2021-24008

REFERENCES

url:	https://fortiguard.fortinet.com/psirt/fg-ir-20-105	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2021-24008	Trust: 0.8

sources: JVNDB: JVNDB-2021-021880 // NVD: CVE-2021-24008

SOURCES

db:	JVNDB	id:	JVNDB-2021-021880
db:	NVD	id:	CVE-2021-24008

LAST UPDATE DATE

2025-08-01T23:21:41.247000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2021-021880	date:	2025-07-29T07:59:00
db:	NVD	id:	CVE-2021-24008	date:	2025-07-24T19:57:26.330

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2021-021880	date:	2025-07-29T00:00:00
db:	NVD	id:	CVE-2021-24008	date:	2025-03-28T11:15:36.620