CVE-2021-26092 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-26092 PUBLISHED CVSS 9.100000381469727 CRITICAL

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests

EPSS 0.53% · 67.0th percentile

Risk Scores

CVSS v3.1

9.100000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score

0.53%

67.0th percentile

Affected Products

Vendor	Product	Versions
Fortinet	Fortinet FortiOS, FortiProxy	FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8, 5.4.1 to 5.4.10, FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7

Timeline

Jun 2, 2021 CVE Published
Feb 24, 2022 EPSS Score
Apr 16, 2022 EPSS Score
Jun 7, 2022 EPSS Score
Jun 13, 2022 PoC Published
Jul 29, 2022 EPSS Score
Sep 18, 2022 EPSS Score
Nov 9, 2022 EPSS Score
Dec 30, 2022 EPSS Score
Feb 19, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 11, 2023 EPSS Score

References

https://www.fortiguard.com/psirt/FG-IR-21-002 advisory
https://www.fortiguard.com/psirt/FG-IR-20-049 advisory
https://www.fortiguard.com/psirt/FG-IR-20-231 advisory
https://www.fortiguard.com/psirt/FG-IR-21-006 advisory
https://www.fortiguard.com/psirt/FG-IR-18-157 advisory
https://www.fortiguard.com/psirt/FG-IR-21-001 advisory
https://www.fortiguard.com/psirt/FG-IR-20-233 advisory
https://www.fortiguard.com/psirt/FG-IR-20-147 advisory
https://www.fortiguard.com/psirt/FG-IR-21-018 advisory
https://www.fortiguard.com/psirt/FG-IR-20-137 advisory
https://www.fortiguard.com/psirt/FG-IR-20-120 advisory
https://www.fortiguard.com/psirt/FG-IR-20-199 advisory
https://www.fortiguard.com/psirt/FG-IR-21-026 advisory
https://fortiguard.com/advisory/FG-IR-18-389 url
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13382 url

Open in Interactive Console →