Details of VAR-202107-0836

ID

VAR-202107-0836

CVE

CVE-2021-26088

TITLE

FSSO Collector Authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-010144

DESCRIPTION

An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass a FSSO firewall policy and access the protected network via sending specifically crafted UDP login notification packets. FSSO Collector There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.34

sources: NVD: CVE-2021-26088 // JVNDB: JVNDB-2021-010144 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-385052 // VULMON: CVE-2021-26088

AFFECTED PRODUCTS

vendor:	fortinet	model:	single sign-on	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	single sign-on	scope:	lt	version:	6.4.6	Trust: 1.0
vendor:	fortinet	model:	single sign-on	scope:	lt	version:	7.0.1	Trust: 1.0
vendor:	フォーティネット	model:	fortinet single sign on	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortinet single sign on	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortinet single sign on	scope:	lte	version:	5.0.295 and earlier	Trust: 0.8

sources: JVNDB: JVNDB-2021-010144 // NVD: CVE-2021-26088

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-26088
value:	CRITICAL
Trust: 1.0
psirt@fortinet.com:	CVE-2021-26088
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-26088
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202107-642
value:	CRITICAL
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-385052
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-26088
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-26088
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	CVE-2021-26088
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-385052
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-26088
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	6.0
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2021-26088
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	3.7
version:	3.1
Trust: 1.0
NVD:	CVE-2021-26088
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-385052 // VULMON: CVE-2021-26088 // JVNDB: JVNDB-2021-010144 // CNNVD: CNNVD-202107-642 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-26088 // NVD: CVE-2021-26088

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.1
problemtype:	Inappropriate authentication (CWE-287) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-385052 // JVNDB: JVNDB-2021-010144 // NVD: CVE-2021-26088

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202107-642

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202107-642

PATCH

title:	FG-IR-20-191	url:	https://fortiguard.com/advisory/FG-IR-20-191	Trust: 0.8
title:	Fortinet FSSO Collector Agent Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156727	Trust: 0.6
title:	-	url:	https://github.com/theogobinet/CVE-2021-26088	Trust: 0.1

sources: VULMON: CVE-2021-26088 // JVNDB: JVNDB-2021-010144 // CNNVD: CNNVD-202107-642

EXTERNAL IDS

db:	NVD	id:	CVE-2021-26088	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-010144	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.2384	Trust: 0.6
db:	CS-HELP	id:	SB2021071406	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-642	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	VULHUB	id:	VHN-385052	Trust: 0.1
db:	VULMON	id:	CVE-2021-26088	Trust: 0.1

sources: VULHUB: VHN-385052 // VULMON: CVE-2021-26088 // JVNDB: JVNDB-2021-010144 // CNNVD: CNNVD-202107-642 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-26088

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-20-191	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-26088	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.2384	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021071406	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://github.com/theogobinet/cve-2021-26088	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-385052 // VULMON: CVE-2021-26088 // JVNDB: JVNDB-2021-010144 // CNNVD: CNNVD-202107-642 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-26088

SOURCES

db:	VULHUB	id:	VHN-385052
db:	VULMON	id:	CVE-2021-26088
db:	JVNDB	id:	JVNDB-2021-010144
db:	CNNVD	id:	CNNVD-202107-642
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2021-26088

LAST UPDATE DATE

2024-08-14T13:17:40.664000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-385052	date:	2021-08-02T00:00:00
db:	VULMON	id:	CVE-2021-26088	date:	2021-08-02T00:00:00
db:	JVNDB	id:	JVNDB-2021-010144	date:	2022-06-22T05:21:00
db:	CNNVD	id:	CNNVD-202107-642	date:	2022-03-08T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-26088	date:	2021-08-02T17:48:37.477

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-385052	date:	2021-07-12T00:00:00
db:	VULMON	id:	CVE-2021-26088	date:	2021-07-12T00:00:00
db:	JVNDB	id:	JVNDB-2021-010144	date:	2022-06-22T00:00:00
db:	CNNVD	id:	CNNVD-202107-642	date:	2021-07-12T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-26088	date:	2021-07-12T14:15:08.113