CVE-2021-26113

MEDIUM

FortiWAN <4.5.9 - Info Disclosure

Title source: llm

Description

A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9 may allow an attacker who has previously come in possession of the password file to potentially guess passwords therein stored.

References (1)

[Vendor Advisory] https://fortiguard.com/psirt/FG-IR-21-064

Scores

CVSS v3 6.2

EPSS 0.0010

EPSS Percentile 27.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-916

Status published

Products (1)

fortinet/fortiwan < 4.5.9

Published Apr 06, 2022

Tracked Since Feb 18, 2026