Vulnerability in Fortinet Fortios
CVE-2021-26109
An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in p…
EPSS: 0.013 (79.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C.
Affected products
- Fortinet Fortios — versions FortiOS before 7.0.1
References
- fortiguard.com/advisory/FG-IR-21-049 (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2021-26109?
- CVE-2021-26109 is a high-severity vulnerability in Fortinet Fortios. CVSS score: 8.1/10. Published 2021-12-08.
- How severe is CVE-2021-26109?
- High severity. CVSS v3 base score is 8.1 out of 10.