CVE-2021-26109

Name of the Vulnerable Software and Affected Versions FortiOS versions prior to 7.0.1

Description The issue is related to an integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS. This vulnerability may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, potentially resulting in arbitrary code execution.

Recommendations For versions prior to 7.0.1, update to version 7.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the SSLVPN service until a patch is applied. Avoid using the SSLVPN service with untrusted or unknown requests until the issue is resolved.