Fortinet FortiWLC Access Point Uninitialized Pointer Access Vulnerability
CVE-2021-26093 Published on December 19, 2024

An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point being managed by the controller by executing a crafted CLI command.

NVD

Vulnerability Analysis

CVE-2021-26093 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and a high impact on availability.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

CHANGED

Confidentiality Impact:

NONE

Integrity Impact:

LOW

Availability Impact:

HIGH

Weakness Type

Access of Uninitialized Pointer

The program accesses or uses a pointer that has not been initialized.

Products Associated with CVE-2021-26093

Want to know whenever a new CVE is published for Fortinet Fortiwlc? stack.watch will email you.

Fortinet Fortiwlc

Affected Versions

Fortinet FortiWLC:

Version 8.6.0 is affected.
Version 8.5.0, <= 8.5.3 is affected.
Version 8.4.4, <= 8.4.8 is affected.
Version 8.4.0, <= 8.4.2 is affected.
Version 8.3.0, <= 8.3.3 is affected.
Version 8.2.4, <= 8.2.7 is affected.
Version 8.1.2, <= 8.1.3 is affected.
Version 8.0.6 is affected.

Exploit Probability

EPSS

0.11%

Percentile

29.60%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.