{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T12:38:04.501","vulnerabilities":[{"cve":{"id":"CVE-2021-26109","sourceIdentifier":"psirt@fortinet.com","published":"2021-12-08T13:15:07.660","lastModified":"2024-11-21T05:55:52.890","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution."},{"lang":"es","value":"Una vulnerabilidad de desbordamiento de enteros o wraparound en el asignador de memoria de SSLVPN en FortiOS versiones anteriores a 7.0.1, puede permitir a un atacante no autenticado corromper los datos de control en el montón por medio de peticiones específicamente diseñadas a SSLVPN, resultando en una ejecución de código potencialmente arbitraria"}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndIncluding":"6.0.12","matchCriteriaId":"B09D1C32-BF6B-4B27-91D4-1347EFB8ECB7"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndIncluding":"6.2.9","matchCriteriaId":"C4C0308D-8E52-456B-BFC2-62D4C1E9BDC3"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndIncluding":"6.4.5","matchCriteriaId":"B9633128-886B-493E-8F17-00110EE0EF91"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*","matchCriteriaId":"79FEE7F6-F72E-4A43-883C-0CF492DF355B"}]}]}],"references":[{"url":"https://fortiguard.com/advisory/FG-IR-21-049","source":"psirt@fortinet.com","tags":["Patch","Vendor Advisory"]},{"url":"https://fortiguard.com/advisory/FG-IR-21-049","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}