Fortinet Security (27th April 2021)

Ref# AL2021_12 | Date: Apr 29th 2021


Fortinet released a security advisory on 27th April 2021 addressing a vulnerability in FortiWAN version 4.5.7 and prior.

The vulnerability stems from an error in the authentication process and is exploitable through a relative path traversal weakness (CWE-23) in FortiWAN. A remote, unauthenticated attacker may be able to delete system files by sending a crafted HTTP POST request containing directory traversal sequences. Deleting certain configuration files could reset the administrator account password, which would then revert to its default value.

Product Affected:

  • FortiWAN version 4.5.7 and prior


  • It is recommended that you upgrade your FortiWAN to the upcoming version 4.5.8 or above and 5.1.1 or above.
  • Restrict administrative access from any source to local host only.
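
A detection sketch for the request pattern described in this alert, added here as an example (not Fortinet's or the CIRT's code): it scans request logs for POST requests carrying directory traversal sequences, including percent-encoded and double-encoded ones, and marks whether each came from a source other than local host. The log format, paths and addresses are constructed for illustration and are assumptions, not FortiWAN's own.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in a simplified "src method uri status body"
# format (an assumption for this example; not FortiWAN's log format).
SAMPLE_LOG = """\
10.0.0.5 POST /example/upload 200 name=report.txt
203.0.113.7 POST /example/delete 200 file=..%2f..%2fconf%2fexample.conf
203.0.113.7 GET /example/status 200 -
198.51.100.9 POST /example/delete 200 file=%252e%252e%252fconf%252fexample.db
127.0.0.1 POST /example/delete 200 file=old.log
192.0.2.44 POST /example/..%5c..%5cconf 404 -
"""

# ".." as a whole path segment, after a separator or parameter delimiter.
TRAVERSAL = re.compile(r"(^|[/\\=&?])\.\.([/\\]|$)")

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if the decoded value contains a relative traversal segment."""
    return bool(TRAVERSAL.search(fully_decode(value)))

def suspicious_posts(log_text, local_sources=("127.0.0.1", "::1")):
    """Return (source, uri, is_remote) for each POST with a traversal sequence."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        src, method, uri, _status, body = parts
        if method == "POST" and (has_traversal(uri) or has_traversal(body)):
            hits.append((src, uri, src not in local_sources))
    return hits

if __name__ == "__main__":
    for hit in suspicious_posts(SAMPLE_LOG):
        print(hit)
```

Hits flagged as remote also indicate that administrative access is reachable from sources other than local host, which the second recommendation above is meant to prevent.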

For further information on this vulnerability kindly follow the below URL:

The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary.



  • Fortinet Security Advisory (27th April 2021) Retrieved from Canadian Centre for Cyber Security


  • Authentication bypass in FortiWAN (28th April 2021) Retrieved from CyberSecurityHelp