ID

VAR-202107-0838


CVE

CVE-2021-26090


TITLE

Fortinet FortiMail Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202107-626

DESCRIPTION

A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements.

Trust: 1.62

sources: NVD: CVE-2021-26090 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-385054 // VULMON: CVE-2021-26090

AFFECTED PRODUCTS

vendor: fortinet, model: fortimail, scope: lte, version: 6.2.6

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 6.2.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lt, version: 6.4.5

Trust: 1.0

sources: NVD: CVE-2021-26090

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-26090
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2021-26090
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202107-626
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-385054
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-26090
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-26090
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-385054
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-26090
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-26090
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-385054 // VULMON: CVE-2021-26090 // CNNVD: CNNVD-202107-626 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-26090 // NVD: CVE-2021-26090

PROBLEMTYPE DATA

problemtype: CWE-401

Trust: 1.1

sources: VULHUB: VHN-385054 // NVD: CVE-2021-26090

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-626

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202107-626 // CNNVD: CNNVD-202104-975

PATCH

title: Fortinet FortiMail Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156726

Trust: 0.6

sources: CNNVD: CNNVD-202107-626

EXTERNAL IDS

db: NVD, id: CVE-2021-26090

Trust: 1.8

db: AUSCERT, id: ESB-2021.2380

Trust: 0.6

db: CS-HELP, id: SB2021071352

Trust: 0.6

db: CNNVD, id: CNNVD-202107-626

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: VULHUB, id: VHN-385054

Trust: 0.1

db: VULMON, id: CVE-2021-26090

Trust: 0.1

sources: VULHUB: VHN-385054 // VULMON: CVE-2021-26090 // CNNVD: CNNVD-202107-626 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-26090

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-21-042

Trust: 1.8

url:https://www.auscert.org.au/bulletins/esb-2021.2380

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071352

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/401.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-385054 // VULMON: CVE-2021-26090 // CNNVD: CNNVD-202107-626 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-26090

SOURCES

db: VULHUB, id: VHN-385054
db: VULMON, id: CVE-2021-26090
db: CNNVD, id: CNNVD-202107-626
db: CNNVD, id: CNNVD-202104-975
db: NVD, id: CVE-2021-26090

LAST UPDATE DATE

2024-08-14T12:56:57.620000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-385054, date: 2021-07-13T00:00:00
db: VULMON, id: CVE-2021-26090, date: 2021-07-13T00:00:00
db: CNNVD, id: CNNVD-202107-626, date: 2021-07-15T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: NVD, id: CVE-2021-26090, date: 2021-07-13T19:26:47.023

SOURCES RELEASE DATE

db: VULHUB, id: VHN-385054, date: 2021-07-12T00:00:00
db: VULMON, id: CVE-2021-26090, date: 2021-07-12T00:00:00
db: CNNVD, id: CNNVD-202107-626, date: 2021-07-12T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: NVD, id: CVE-2021-26090, date: 2021-07-12T13:15:07.827