CVE-2021-26113 MEDIUM

CVE-2021-26113

Vendor Fortinet
Product Fortinet FortiWAN
Published April 6, 2022
Last update October 22, 2024

CVSS base score

6.2/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C

What the vulnerability does

01Description

A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9 may allow an attacker who has previously come in possession of the password file to potentially guess passwords therein stored.

Key dates

02Disclosure timeline

April 6, 2022 CVE published
October 22, 2024 Record updated