Unrated severityNVD Advisory· Published Mar 28, 2025· Updated Mar 28, 2025

CVE-2021-24008

Description

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, FortiVoice version 6.0.6 and below, FortiRecorder version 6.0.3 and below and FortiMail version 6.4.1 and below, version 6.2.4 and below, version 6.0.9 and below may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file.

Affected products

Fortinet/FortiDDoSv5
cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:*
Range: 5.4.0
Fortinet/Fortindrv5
Range: 1.5.0
Fortinet/FortiDDoS-CMv5
Range: 5.3.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fortiguard.fortinet.com/psirt/FG-IR-20-105mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000