CVE-2021-24008

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, FortiVoice version 6.0.6 and below, FortiRecorder version 6.0.3 and below and FortiMail version 6.4.1 and below, version 6.2.4 and below, version 6.0.9 and below may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-20-105	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortinet:fortimail::::::::
	cpe:2.3:a:fortinet:fortimail::::::::
	cpe:2.3:a:fortinet:fortimail::::::::

Configuration 2 (hide)

cpe:2.3:a:fortinet:fortiddos:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*

Configuration 5 (hide)

OR	cpe:2.3:a:fortinet:fortiddos-cm:4.7.0:::::::*
	cpe:2.3:a:fortinet:fortiddos-cm:5.0.0:::::::*
	cpe:2.3:a:fortinet:fortiddos-cm:5.1.0:::::::*
	cpe:2.3:a:fortinet:fortiddos-cm:5.2.0:::::::*
	cpe:2.3:a:fortinet:fortiddos-cm:5.3.0:::::::*

History

No history.

Information

Published : 2025-03-28 11:15

Updated : 2025-07-24 19:57

NVD link : CVE-2021-24008

Mitre link : CVE-2021-24008

CVE.ORG link : CVE-2021-24008

JSON object : View

Products Affected

fortinet

fortivoice
fortirecorder
fortiddos
fortimail
fortiddos-cm

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-Other

{"id": "CVE-2021-24008", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-03-28T11:15:36.620", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-20-105", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, FortiVoice version 6.0.6 and below, FortiRecorder version 6.0.3 and below and FortiMail version 6.4.1 and below, version 6.2.4 and below, version 6.0.9 and below may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file."}, {"lang": "es", "value": "Una exposici\u00f3n de informaci\u00f3n sensible del sistema a una vulnerabilidad de esfera de control no autorizada [CWE-497] en FortiDDoS versi\u00f3n 5.4.0, versi\u00f3n 5.3.2 y anteriores, versi\u00f3n 5.2.0, versi\u00f3n 5.1.0, versi\u00f3n 5.0.0, versi\u00f3n 4.7.0, versi\u00f3n 4.6.0, versi\u00f3n 4.5.0, versi\u00f3n 4.4.2 y anteriores, FortiDDoS-CM versi\u00f3n 5.3.0, versi\u00f3n 5.2.0, versi\u00f3n 5.1.0, versi\u00f3n 5.0.0, versi\u00f3n 4.7.0, FortiVoice versi\u00f3n 6.0.6 y anteriores, FortiRecorder versi\u00f3n 6.0.3 y anteriores y FortiMail versi\u00f3n 6.4.1 y anteriores, versi\u00f3n 6.2.4 y anteriores, versi\u00f3n 6.0.9 y anteriores puede permitir que un atacante remoto no autenticado obtenga informaci\u00f3n potencialmente sensible de la versi\u00f3n del software leyendo un archivo JavaScript."}], "lastModified": "2025-07-24T19:57:26.330", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F99B304-8B86-424C-8548-7DD5A0A901E0", "versionEndExcluding": "6.0.10", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6896BC5-4B25-45DC-B3C5-8BB80E7C0694", "versionEndExcluding": "6.2.5", "versionStartIncluding": "6.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "747A8704-F9ED-4710-9B89-C11E49EA7484", "versionEndExcluding": "6.4.2", "versionStartIncluding": "6.4.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiddos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0DAD000-EF92-4833-9360-4E93D3597360", "versionEndExcluding": "5.4.3", "versionStartIncluding": "4.4.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6B81F4B-C56A-433B-B9AA-35E35031D711", "versionEndExcluding": "6.0.7", "versionStartIncluding": "6.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0899107-6CAD-40E6-827D-15A73CDB3953", "versionEndExcluding": "6.0.4", "versionStartIncluding": "6.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiddos-cm:4.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9137E599-E5EE-4A4E-ADCE-02842FC5C2FA"}, {"criteria": "cpe:2.3:a:fortinet:fortiddos-cm:5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABBCB00D-8C50-414E-8918-258EF062515D"}, {"criteria": "cpe:2.3:a:fortinet:fortiddos-cm:5.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82CCAFC5-D480-430A-902C-8B92D20AC09D"}, {"criteria": "cpe:2.3:a:fortinet:fortiddos-cm:5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9301AAD-CDDE-4480-97A9-0C1EFF2EB31F"}, {"criteria": "cpe:2.3:a:fortinet:fortiddos-cm:5.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01A0FC0C-A37F-450E-82F3-9B0C4C4752B6"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}