CVE-2021-26110
First published: Wed Dec 08 2021(Updated: )
An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiProxy | >=1.0.0<=1.0.7 | |
| Fortinet FortiProxy | >=1.1.0<=1.1.6 | |
| Fortinet FortiProxy | >=1.2.0<=1.2.9 | |
| Fortinet FortiProxy | =2.0.0 | |
| Fortinet FortiProxy | =2.0.1 | |
| Fortinet FortiOS | >=5.6.0<=5.6.14 | |
| Fortinet FortiOS | >=6.0.0<=6.0.12 | |
| Fortinet FortiOS | >=6.2.0<=6.2.9 | |
| Fortinet FortiOS | >=6.4.0<=6.4.6 | |
| Fortinet FortiOS | =7.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-26110?
CVE-2021-26110 is an improper access control vulnerability in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below, and FortiProxy 2.0.1 and below, 1.2.9 and below.
What is the severity of CVE-2021-26110?
The severity of CVE-2021-26110 is high with a CVSS score of 7.8.
How does CVE-2021-26110 impact FortiProxy?
CVE-2021-26110 affects FortiProxy versions 1.0.0 to 1.0.7, 1.1.0 to 1.1.6, 1.2.0 to 1.2.9, 2.0.0, and 2.0.1.
How does CVE-2021-26110 impact FortiOS?
CVE-2021-26110 affects FortiOS versions 5.6.0 to 5.6.14, 6.0.0 to 6.0.12, 6.2.0 to 6.2.9, 6.4.0 to 6.4.6, and 7.0.0.
Is there a reference for CVE-2021-26110?
Yes, you can find more information about CVE-2021-26110 at the following reference: [FortiGuard Advisory FG-IR-20-131](https://fortiguard.com/advisory/FG-IR-20-131).
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/fortinet
- canonical/fortinet fortiproxy
- version/fortinet fortiproxy/1.0.0
- version/fortinet fortiproxy/1.0.7
- version/fortinet fortiproxy/1.1.0
- version/fortinet fortiproxy/1.1.6
- version/fortinet fortiproxy/1.2.0
- version/fortinet fortiproxy/1.2.9
- version/fortinet fortiproxy/2.0.0
- version/fortinet fortiproxy/2.0.1
- canonical/fortinet fortios
- version/fortinet fortios/5.6.0
- version/fortinet fortios/5.6.14
- version/fortinet fortios/6.0.0
- version/fortinet fortios/6.0.12
- version/fortinet fortios/6.2.0
- version/fortinet fortios/6.2.9
- version/fortinet fortios/6.4.0
- version/fortinet fortios/6.4.6
- version/fortinet fortios/7.0.0