Local Access Control Vulnerability in Fortinet's Wireless Controller Products
CVE-2021-26093

6.6 MEDIUM

Key Information:

Vendor: Fortinet
Status: Vendor
CVE Published: 19 December 2024

Summary

CVE-2021-26093 is a vulnerability in Fortinet's FortiWLC wireless controller software, affecting versions 8.6.0, 8.5.3, and prior releases. The flaw is an access of an uninitialized pointer (CWE-824) that could allow a local, authenticated attacker to execute specially crafted CLI commands and thereby potentially crash the managed access point, disrupting network reliability and availability. Organizations running impacted versions are strongly advised to assess their vulnerability management protocols and apply the recommended patches.

Affected Version(s)

FortiWLC 8.6.0

FortiWLC 8.5.0 <= 8.5.3

FortiWLC 8.4.4 <= 8.4.8

CVSS V3.1

Score: 6.6
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
