S4E

CVE-2021-3378 Scanner

Detects 'File Upload' vulnerability in FortiLogger affects v. 4.4.2.2.

Short Info


Level

Critical

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

15 seconds

Time Interval

29 days

Scan only one

URL

Toolbox

-

FortiLogger is a popular software used for logging and monitoring network data and security events. It provides comprehensive network security solutions to protect digital assets from cyber threats and unauthorized access. FortiLogger also offers real-time monitoring and alerts for suspicious activities, enabling IT teams to respond promptly to any security incident. Furthermore, it aids in IT compliance by providing detailed network activity logs required for auditing and reporting purposes.

Recently, FortiLogger 4.4.2.2 has been identified with a vulnerability code CVE-2021-3378. This vulnerability allows an attacker to upload arbitrary files by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile, which can then be accessed by visiting Assets/temp/hotspot/img/logohotspot.asp. This flaw can be exploited by hackers to gain unauthorized access to the network and execute malicious codes to compromise critical data, leak confidential information, or launch ransomware attacks. 

In the hands of an attacker, the CVE-2021-3378 vulnerability can pose serious risks to network security. A successful exploitation can lead to a range of devastating consequences, ranging from financial losses to reputational damage. Cybercriminals can easily take advantage of the uploaded files to introduce malware, steal data, or execute malicious commands. Moreover, these attacks can be carried out remotely and without the need for any authentication, making it essential to resolve this issue as quickly as possible. 

Thanks to the pro features of the s4e.io platform, businesses can easily and quickly learn about vulnerabilities in their digital assets, including FortiLogger. By providing comprehensive insights into network security vulnerabilities, this platform helps businesses stay one step ahead of cybercriminals and safeguard their critical data. Whether you're an IT pro or a small business owner, s4e.io provides the essential tools and expertise necessary to protect against cyber threats and stay ahead of the curve in today's rapidly evolving digital landscape.

 

REFERENCES

Get started to protecting your Free Full Security Scan