CVE-2021-26109

An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.
References
Link Resource
https://fortiguard.com/advisory/FG-IR-21-049 Patch Vendor Advisory
https://fortiguard.com/advisory/FG-IR-21-049 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*

History

21 Nov 2024, 05:55

Type Values Removed Values Added
CVSS v2 : 7.5
v3 : 9.8
v2 : 7.5
v3 : 8.1
References () https://fortiguard.com/advisory/FG-IR-21-049 - Patch, Vendor Advisory () https://fortiguard.com/advisory/FG-IR-21-049 - Patch, Vendor Advisory

Information

Published : 2021-12-08 13:15

Updated : 2024-11-21 05:55


NVD link : CVE-2021-26109

Mitre link : CVE-2021-26109

CVE.ORG link : CVE-2021-26109


JSON object : View

Products Affected

fortinet

  • fortios
CWE
CWE-190

Integer Overflow or Wraparound