What is the severity of CVE-2021-26092?

The severity of CVE-2021-26092 is medium.

What is the affected software for CVE-2021-26092?

The affected software for CVE-2021-26092 includes FortiOS versions 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, and 6.4.0 through 6.4.4, as well as FortiProxy versions 1.2.0 through 1.2.9 and 2.0.0 through 2.0.1.

How does CVE-2021-26092 affect Fortinet FortiOS?

CVE-2021-26092 affects FortiOS by failing to sanitize input in the SSL VPN web portal, which may allow a remote unauthenticated attacker to perform malicious actions.

How does CVE-2021-26092 affect Fortinet FortiProxy?

CVE-2021-26092 affects FortiProxy by failing to sanitize input in the SSL VPN web portal, which may allow a remote unauthenticated attacker to perform malicious actions.

How can I fix CVE-2021-26092?

To fix CVE-2021-26092, it is recommended to update FortiOS and FortiProxy to the latest patched versions provided by Fortinet.

Vulnerability/
CVE-2021-26092

medium

6.1

CWE

1/6/2021

24/2/2022

22/10/2024

25/10/2024

CVE-2021-26092: [SSL VPN Portal] Reflected XSS via the error request

First published: Tue Jun 01 2021(Updated: )

Failure to sanitize input in the SSL VPN web portal may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters.

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiProxy	>=1.2.0<=1.2.9
Fortinet FortiProxy	=2.0.0
Fortinet FortiProxy	=2.0.1
Fortinet FortiOS	>=5.2.10<=5.2.15
Fortinet FortiOS	>=5.4.0<=5.4.13
Fortinet FortiOS	>=5.6.0<=5.6.14
Fortinet FortiOS	>=6.0.0<=6.0.12
Fortinet FortiOS	>=6.2.0<=6.2.7
Fortinet FortiOS	>=6.4.0<=6.4.4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-26092?
The severity of CVE-2021-26092 is medium.
What is the affected software for CVE-2021-26092?
The affected software for CVE-2021-26092 includes FortiOS versions 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, and 6.4.0 through 6.4.4, as well as FortiProxy versions 1.2.0 through 1.2.9 and 2.0.0 through 2.0.1.
How does CVE-2021-26092 affect Fortinet FortiOS?
CVE-2021-26092 affects FortiOS by failing to sanitize input in the SSL VPN web portal, which may allow a remote unauthenticated attacker to perform malicious actions.
How does CVE-2021-26092 affect Fortinet FortiProxy?
CVE-2021-26092 affects FortiProxy by failing to sanitize input in the SSL VPN web portal, which may allow a remote unauthenticated attacker to perform malicious actions.
How can I fix CVE-2021-26092?
To fix CVE-2021-26092, it is recommended to update FortiOS and FortiProxy to the latest patched versions provided by Fortinet.

agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
agent/author
agent/weakness
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/fortiguard-psirt-latest
source/FortiGuard
alias/CVE-2021-26092
collector/fortiguard-psirt
agent/title
agent/references
agent/severity
agent/description
agent/first-publish-date
agent/tags
agent/event
vendor/fortinet
canonical/fortinet fortiproxy
version/fortinet fortiproxy/1.2.0
version/fortinet fortiproxy/1.2.9
version/fortinet fortiproxy/2.0.0
version/fortinet fortiproxy/2.0.1
canonical/fortinet fortios
version/fortinet fortios/5.2.10
version/fortinet fortios/5.2.15
version/fortinet fortios/5.4.0
version/fortinet fortios/5.4.13
version/fortinet fortios/5.6.0
version/fortinet fortios/5.6.14
version/fortinet fortios/6.0.0
version/fortinet fortios/6.0.12
version/fortinet fortios/6.2.0
version/fortinet fortios/6.2.7
version/fortinet fortios/6.4.0
version/fortinet fortios/6.4.4