Details of VAR-202107-0838

ID

VAR-202107-0838

CVE

CVE-2021-26090

TITLE

Fortinet FortiMail Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202107-626

DESCRIPTION

A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 1.62

sources: NVD: CVE-2021-26090 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-385054 // VULMON: CVE-2021-26090

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortimail	scope:	lte	version:	6.2.6	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	lt	version:	6.4.5	Trust: 1.0

sources: NVD: CVE-2021-26090

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-26090
value:	HIGH
Trust: 1.0
psirt@fortinet.com:	CVE-2021-26090
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202107-626
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-385054
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-26090
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-26090
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-385054
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-26090
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2021-26090
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-385054 // VULMON: CVE-2021-26090 // CNNVD: CNNVD-202107-626 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-26090 // NVD: CVE-2021-26090

PROBLEMTYPE DATA

problemtype:

CWE-401

Trust: 1.1

sources: VULHUB: VHN-385054 // NVD: CVE-2021-26090

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-626

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202107-626 // CNNVD: CNNVD-202104-975

PATCH

title:

Fortinet FortiMail Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156726

Trust: 0.6

sources: CNNVD: CNNVD-202107-626

EXTERNAL IDS

db:	NVD	id:	CVE-2021-26090	Trust: 1.8
db:	AUSCERT	id:	ESB-2021.2380	Trust: 0.6
db:	CS-HELP	id:	SB2021071352	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-626	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	VULHUB	id:	VHN-385054	Trust: 0.1
db:	VULMON	id:	CVE-2021-26090	Trust: 0.1

sources: VULHUB: VHN-385054 // VULMON: CVE-2021-26090 // CNNVD: CNNVD-202107-626 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-26090

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-21-042	Trust: 1.8
url:	https://www.auscert.org.au/bulletins/esb-2021.2380	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021071352	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/401.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-385054 // VULMON: CVE-2021-26090 // CNNVD: CNNVD-202107-626 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-26090

SOURCES

db:	VULHUB	id:	VHN-385054
db:	VULMON	id:	CVE-2021-26090
db:	CNNVD	id:	CNNVD-202107-626
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2021-26090

LAST UPDATE DATE

2024-08-14T12:56:57.620000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-385054	date:	2021-07-13T00:00:00
db:	VULMON	id:	CVE-2021-26090	date:	2021-07-13T00:00:00
db:	CNNVD	id:	CNNVD-202107-626	date:	2021-07-15T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-26090	date:	2021-07-13T19:26:47.023

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-385054	date:	2021-07-12T00:00:00
db:	VULMON	id:	CVE-2021-26090	date:	2021-07-12T00:00:00
db:	CNNVD	id:	CNNVD-202107-626	date:	2021-07-12T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-26090	date:	2021-07-12T13:15:07.827