CVE-2021-24012 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-24012 PUBLISHED CVSS 9.100000381469727 CRITICAL

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests

EPSS 0.21% · 42.9th percentile

Risk Scores

CVSS v3.1

9.100000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score

0.21%

42.9th percentile

Affected Products

Vendor	Product	Versions
Fortinet	Fortinet FortiOS, FortiProxy	FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8, 5.4.1 to 5.4.10, FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7

Timeline

Jun 2, 2021 CVE Published
Jun 3, 2021 EPSS Score
Aug 4, 2021 EPSS Score
Oct 4, 2021 EPSS Score
Dec 3, 2021 EPSS Score
Feb 2, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 3, 2022 EPSS Score
Jun 2, 2022 EPSS Score
Jun 13, 2022 PoC Published
Aug 3, 2022 EPSS Score

References

https://www.fortiguard.com/psirt/FG-IR-21-002 advisory
https://www.fortiguard.com/psirt/FG-IR-20-049 advisory
https://www.fortiguard.com/psirt/FG-IR-20-231 advisory
https://www.fortiguard.com/psirt/FG-IR-21-006 advisory
https://www.fortiguard.com/psirt/FG-IR-18-157 advisory
https://www.fortiguard.com/psirt/FG-IR-21-001 advisory
https://www.fortiguard.com/psirt/FG-IR-20-233 advisory
https://www.fortiguard.com/psirt/FG-IR-20-147 advisory
https://www.fortiguard.com/psirt/FG-IR-21-018 advisory
https://www.fortiguard.com/psirt/FG-IR-20-137 advisory
https://www.fortiguard.com/psirt/FG-IR-20-120 advisory
https://www.fortiguard.com/psirt/FG-IR-20-199 advisory
https://www.fortiguard.com/psirt/FG-IR-21-026 advisory
https://fortiguard.com/advisory/FG-IR-18-389 url
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13382 url

Open in Interactive Console →