CVE-2021-26093

Published: Dic 19, 2024 Last Modified: Gen 21, 2025 EU-VD ID: EUVD-2021-12914 Aliases: GSD-2021-26093
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,3
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: changed
Confidentiality: none
Integrity: low
Availability: high

Description

AI Translation Available

An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point being managed by the controller by executing a crafted CLI command.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0004
Percentile
0,1th
Updated

EPSS Score Trend (Last 90 Days)

824

Access of Uninitialized Pointer

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Availability Integrity
Potential Impacts:
Read Memory Dos: Crash, Exit, Or Restart Execute Unauthorized Code Or Commands
Applicable Platforms
Languages: C, C++, Memory-Unsafe
View CWE Details
Application

Fortiwlc by Fortinet

Product Information
Vendor Fortinet
Product Fortiwlc
Version Range Affected
From 8.0.6 (inclusive)
To 8.6.3 (exclusive)
cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://fortiguard.com/psirt/FG-IR-21-002
Vendor Advisory
https://fortiguard.com/psirt/FG-IR-21-002