CVE-2021-26095 HIGH

Vendor: Fortinet
Product: Fortinet FortiMail
Published: July 20, 2021
Last update: October 25, 2024

CVSS base score

7.5/10
Attack vector: Network
Attack complexity: High
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its content, thereby escalating privileges.

Key dates

02 Disclosure timeline

July 20, 2021: CVE published
October 25, 2024: Record updated