ID

VAR-202107-0836


CVE

CVE-2021-26088


TITLE

Authentication vulnerability in FSSO Collector

Trust: 0.8

sources: JVNDB: JVNDB-2021-010144

DESCRIPTION

An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass an FSSO firewall policy and access the protected network via sending specifically crafted UDP login notification packets. FSSO Collector contains an authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 2.34

sources: NVD: CVE-2021-26088 // JVNDB: JVNDB-2021-010144 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-385052 // VULMON: CVE-2021-26088

AFFECTED PRODUCTS

vendor: fortinet, model: single sign-on, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: single sign-on, scope: lt, version: 6.4.6

Trust: 1.0

vendor: fortinet, model: single sign-on, scope: lt, version: 7.0.1

Trust: 1.0

vendor: フォーティネット, model: fortinet single sign on, scope: eq, version: -

Trust: 0.8

vendor: フォーティネット, model: fortinet single sign on, scope: -, version: -

Trust: 0.8

vendor: フォーティネット, model: fortinet single sign on, scope: lte, version: 5.0.295 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2021-010144 // NVD: CVE-2021-26088

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-26088
value: CRITICAL

Trust: 1.0

psirt@fortinet.com: CVE-2021-26088
value: HIGH

Trust: 1.0

NVD: CVE-2021-26088
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202107-642
value: CRITICAL

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-385052
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-26088
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-26088
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2021-26088
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-385052
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-26088
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 6.0
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-26088
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.7
version: 3.1

Trust: 1.0

NVD: CVE-2021-26088
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-385052 // VULMON: CVE-2021-26088 // JVNDB: JVNDB-2021-010144 // CNNVD: CNNVD-202107-642 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-26088 // NVD: CVE-2021-26088

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.1

problemtype: Inappropriate authentication (CWE-287) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-385052 // JVNDB: JVNDB-2021-010144 // NVD: CVE-2021-26088

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202107-642

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202107-642

PATCH

title: FG-IR-20-191, url: https://fortiguard.com/advisory/FG-IR-20-191

Trust: 0.8

title: Fortinet FSSO Collector Agent Remediation measures for authorization problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156727

Trust: 0.6

title: -, url: https://github.com/theogobinet/CVE-2021-26088

Trust: 0.1

sources: VULMON: CVE-2021-26088 // JVNDB: JVNDB-2021-010144 // CNNVD: CNNVD-202107-642

EXTERNAL IDS

db: NVD, id: CVE-2021-26088

Trust: 3.4

db: JVNDB, id: JVNDB-2021-010144

Trust: 0.8

db: AUSCERT, id: ESB-2021.2384

Trust: 0.6

db: CS-HELP, id: SB2021071406

Trust: 0.6

db: CNNVD, id: CNNVD-202107-642

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: VULHUB, id: VHN-385052

Trust: 0.1

db: VULMON, id: CVE-2021-26088

Trust: 0.1

sources: VULHUB: VHN-385052 // VULMON: CVE-2021-26088 // JVNDB: JVNDB-2021-010144 // CNNVD: CNNVD-202107-642 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-26088

REFERENCES

url: https://fortiguard.com/advisory/fg-ir-20-191

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2021-26088

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2021.2384

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021071406

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url: https://github.com/theogobinet/cve-2021-26088

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-385052 // VULMON: CVE-2021-26088 // JVNDB: JVNDB-2021-010144 // CNNVD: CNNVD-202107-642 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-26088

SOURCES

db: VULHUB, id: VHN-385052
db: VULMON, id: CVE-2021-26088
db: JVNDB, id: JVNDB-2021-010144
db: CNNVD, id: CNNVD-202107-642
db: CNNVD, id: CNNVD-202104-975
db: NVD, id: CVE-2021-26088

LAST UPDATE DATE

2024-08-14T13:17:40.664000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-385052, date: 2021-08-02T00:00:00
db: VULMON, id: CVE-2021-26088, date: 2021-08-02T00:00:00
db: JVNDB, id: JVNDB-2021-010144, date: 2022-06-22T05:21:00
db: CNNVD, id: CNNVD-202107-642, date: 2022-03-08T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: NVD, id: CVE-2021-26088, date: 2021-08-02T17:48:37.477

SOURCES RELEASE DATE

db: VULHUB, id: VHN-385052, date: 2021-07-12T00:00:00
db: VULMON, id: CVE-2021-26088, date: 2021-07-12T00:00:00
db: JVNDB, id: JVNDB-2021-010144, date: 2022-06-22T00:00:00
db: CNNVD, id: CNNVD-202107-642, date: 2021-07-12T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: NVD, id: CVE-2021-26088, date: 2021-07-12T14:15:08.113