Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-26109

An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.

Published

2021-12-08T13:15:07.660

Last Modified

2024-11-21T05:55:52.890

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-190
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System fortinet fortios ≤ 6.0.12 Yes
Operating System fortinet fortios ≤ 6.2.9 Yes
Operating System fortinet fortios ≤ 6.4.5 Yes
Operating System fortinet fortios 7.0.0 Yes
References