CVE-2021-26092 — Vulnetix

CVE-2021-26092 PUBLISHED CVSS 9.100000381469727 CRITICAL

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests

EPSS 0.53% · 67.6th percentile

Risk Scores

CVSS 3.1

9.100000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score

0.53%

67.6th percentile

Affected Products

Vendor	Product	Versions
Fortinet	Fortinet FortiOS, FortiProxy	FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8, 5.4.1 to 5.4.10, FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7

Exploit Intelligence

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13382 (circl)
https://fortiguard.com/advisory/FG-IR-18-389 (circl)
https://www.fortiguard.com/psirt/FG-IR-20-231 (circl)
CIRCL exploited: CVE-2018-13382 (circl-sighting)
CIRCL seen: CVE-2018-13382 (circl-sighting)
CIRCL seen: CVE-2018-13382 (circl-sighting)
CIRCL seen: CVE-2018-13382 (circl-sighting)
CIRCL seen: CVE-2018-13382 (circl-sighting)

Timeline

Jun 2, 2021 CVE Published
Feb 24, 2022 EPSS Score
Apr 17, 2022 EPSS Score
Jun 8, 2022 EPSS Score
Jun 13, 2022 PoC Published
Jul 31, 2022 EPSS Score
Sep 21, 2022 EPSS Score
Nov 11, 2022 EPSS Score
Jan 2, 2023 EPSS Score
Feb 23, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 16, 2023 EPSS Score

References

https://www.fortiguard.com/psirt/FG-IR-21-002 advisory
https://www.fortiguard.com/psirt/FG-IR-20-049 advisory
https://www.fortiguard.com/psirt/FG-IR-20-231 advisory
https://www.fortiguard.com/psirt/FG-IR-21-006 advisory
https://www.fortiguard.com/psirt/FG-IR-18-157 advisory
https://www.fortiguard.com/psirt/FG-IR-21-001 advisory
https://www.fortiguard.com/psirt/FG-IR-20-233 advisory
https://www.fortiguard.com/psirt/FG-IR-20-147 advisory
https://www.fortiguard.com/psirt/FG-IR-21-018 advisory
https://www.fortiguard.com/psirt/FG-IR-20-137 advisory
https://www.fortiguard.com/psirt/FG-IR-20-120 advisory
https://www.fortiguard.com/psirt/FG-IR-20-199 advisory
https://www.fortiguard.com/psirt/FG-IR-21-026 advisory
https://fortiguard.com/advisory/FG-IR-18-389 url
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13382 url

Open in Interactive Console →