CVE-2021-24008

CVE Database · CVE-2021-24008

CVE-2021-24008

· MEDIUMAnalyzed

CVSS v3.1

5.3

EPSS

0.45%

Published

Mar 28, 2025

Modified

Jul 24, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, FortiVoice version 6.0.6 and below, FortiRecorder version 6.0.3 and below and FortiMail version 6.4.1 and below, version 6.2.4 and below, version 6.0.9 and below may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-200

Affected Products (11)

fortinet · fortimail (up to 6.0.10)vulnerable

fortinet · fortimail (up to 6.2.5)vulnerable

fortinet · fortimail (up to 6.4.2)vulnerable

fortinet · fortiddos (up to 5.4.3)vulnerable

fortinet · fortivoice (up to 6.0.7)vulnerable

fortinet · fortirecorder (up to 6.0.4)vulnerable

fortinet · fortiddos-cmvulnerable

fortinet · fortiddos-cm

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-20-105

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs