VDB

CVE-2021-26093

CVE-2021-26093 PUBLISHED CVSS 9.100000381469727 CRITICAL

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests

EPSS 0.11% · 29.2th percentile

Risk Scores

CVSS v3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.11%
29.2th percentile

Affected Products

VendorProductVersions
FortinetFortinet FortiOS, FortiProxyFortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8, 5.4.1 to 5.4.10, FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7

Timeline

  • Jun 2, 2021 CVE Published
  • Jun 13, 2022 PoC Published
  • Jun 14, 2023 PoC Published
  • Dec 20, 2024 EPSS Score
  • Dec 24, 2024 PoC Published
  • Jan 5, 2025 EPSS Score
  • Jan 22, 2025 EPSS Score
  • Feb 7, 2025 EPSS Score
  • Feb 23, 2025 PoC Published
  • Feb 24, 2025 EPSS Score
  • Mar 12, 2025 EPSS Score
  • Mar 28, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›