CVE-2021-26109
published 2021-12-08CVE-2021-26109: An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt…
PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.82%
76.1th percentile
An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet_fortios | — | — |
| fortinet | fortios | — | — |
| fortinet | fortios | — | — |
| fortinet | fortios | 6.0.0 – 6.0.12 | — |
| fortinet | fortios | 6.2.0 – 6.2.9 | — |
| fortinet | fortios | 6.4.0 – 6.4.5 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Target attack surface is the SSLVPN memory allocator in FortiOS; monitor for anomalous or malformed requests directed at the SSLVPN endpoint that may trigger integer overflow/wraparound in heap allocation ↗
- →Attacker is unauthenticated — no valid session or credentials required; detection should cover pre-auth traffic to SSLVPN listeners, not just authenticated sessions ↗
- →CWE-190 (Integer Overflow or Wraparound) in the heap allocator path; look for crash/core dumps, unexpected process restarts, or memory corruption indicators in FortiOS SSLVPN daemon logs ↗
- ·Vulnerability affects FortiOS versions before 7.0.1; ensure patching to 7.0.1 or later. All unpatched FortiOS SSLVPN deployments exposed to untrusted networks are at risk from unauthenticated attackers. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Fortinet
An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an u...
vendor_fortinet·2021-12-08·CVSS 8.1
CVE-2021-26109 [HIGH] CWE-190 An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an u...
FG-IR-21-049: An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an u...
An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.
CVEs: CVE-2021-26109
CWEs: CWE-190
CVSS: 8.1 (high)
Affected products: FortiOS
GHSA
GHSA-9h5m-38gw-j896: An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7
ghsa_unreviewed·2021-12-09
CVE-2021-26109 [CRITICAL] CWE-190 GHSA-9h5m-38gw-j896: An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7
An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-12-08
Published