CVE-2021-26088

CVE Database · CVE-2021-26088

CVE-2021-26088

· HIGHModified

CVSS v3.1

7.1

EPSS

1.03%

Published

Jul 12, 2021

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass a FSSO firewall policy and access the protected network via sending specifically crafted UDP login notification packets.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Weaknesses (CWE)

CWE-287

Affected Products (2)

fortinet · fortinet_single_sign-on (up to 6.4.6)vulnerable

fortinet · fortinet_single_sign-on (up to 7.0.1)vulnerable

References (2)

https://fortiguard.com/advisory/FG-IR-20-191

Vendor Advisory

https://fortiguard.com/advisory/FG-IR-20-191

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs