What is CVE-2021-3378?

CVE-2021-3378 is a vulnerability in N/a. Published 2021-02-01.

Is CVE-2021-3378 known to be exploited?

25 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-3378

FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.

EPSS: 0.936 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

erberkan/fortilogger_arbitrary_fileupload
rapid7/metasploit-framework
20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
EdgeSecurityTeam/Vulnerability
Elsfa7-110/kenzer-templates
HimmelAward/Goby_
NaInSec/CVE-PoC-in-GitHub
NyxAzrael/Goby_

References

github.com/erberkan/fortilogger_arbitrary_fileupload (x_refsource_MISC)
packetstormsecurity.com/files/161601/FortiLogger-4.4.2.2-Arbitrary-File-Upload… (x_refsource_MISC)
packetstormsecurity.com/files/161974/FortiLogger-Arbitrary-File-Upload.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-3378?: CVE-2021-3378 is a vulnerability in N/a. Published 2021-02-01.
Is CVE-2021-3378 known to be exploited?: 25 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.