CVE-2021-26088 is a vulnerability in Fortinet Single Sign On
Published on July 12, 2021
An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass an FSSO firewall policy and access the protected network by sending specifically crafted UDP login notification packets.
Vulnerability Analysis
Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW
Products Associated with CVE-2021-26088
Fortinet Single Sign On
Affected Versions
Fortinet FSSO Windows DC Agent versions 5.0.295 and 5.0.294, and FSSO Windows CA versions 5.0.295 and 5.0.294, are affected by CVE-2021-26088.
Exploit Probability
EPSS: 5.48%
Percentile: 90.06%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.