VDB

CVE-2021-26087

CVE-2021-26087 PUBLISHED CVSS 9.100000381469727 CRITICAL

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests

EPSS 0.11% · 28.9th percentile

Risk Scores

CVSS 3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.11%
28.9th percentile

Affected Products

VendorProductVersions
FortinetFortinet FortiOS, FortiProxyFortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8, 5.4.1 to 5.4.10, FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7

Exploit Intelligence

Timeline

  • Jun 2, 2021 CVE Published
  • Jun 13, 2022 PoC Published
  • Jun 14, 2023 PoC Published
  • Dec 24, 2024 PoC Published
  • Feb 23, 2025 PoC Published
  • Mar 18, 2025 EPSS Score
  • Mar 31, 2025 EPSS Score
  • Apr 14, 2025 EPSS Score
  • Apr 27, 2025 EPSS Score
  • May 11, 2025 EPSS Score
  • May 24, 2025 EPSS Score
  • Jun 6, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›