Vulnerability Monitor


CVE-2021-32591


A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets.


Published

2021-12-08T12:15:07.737

Last Modified

2024-11-21T06:07:20.180

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: HIGH
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

Exploitability Score

4.9

Impact Score

2.9

Weaknesses
  • Type: Primary
    NVD-CWE-Other

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | fortinet | fortiadc | ≤ 5.4.4 | Yes |
| Application | fortinet | fortiadc | ≤ 6.0.3 | Yes |
| Application | fortinet | fortiadc | ≤ 6.1.3 | Yes |
| Application | fortinet | fortiadc | 6.2.0 | Yes |
| Application | fortinet | fortiadc | 6.2.1 | Yes |
| Application | fortinet | fortimail | * | Yes |
| Application | fortinet | fortimail | ≤ 5.6.3 | Yes |
| Application | fortinet | fortimail | ≤ 6.0.11 | Yes |
| Application | fortinet | fortimail | ≤ 6.2.7 | Yes |
| Application | fortinet | fortimail | ≤ 6.4.5 | Yes |
| Application | fortinet | fortimail | 7.0.0 | Yes |
| Application | fortinet | fortimail | 7.0.1 | Yes |
| Application | fortinet | fortisandbox | ≤ 3.2.2 | Yes |
| Application | fortinet | fortisandbox | 4.0.0 | Yes |
| Application | fortinet | fortiweb | ≤ 5.7.3 | Yes |
| Application | fortinet | fortiweb | ≤ 5.8.7 | Yes |
| Application | fortinet | fortiweb | ≤ 6.0.7 | Yes |
| Application | fortinet | fortiweb | ≤ 6.1.2 | Yes |
| Application | fortinet | fortiweb | ≤ 6.2.4 | Yes |
| Application | fortinet | fortiweb | ≤ 6.3.11 | Yes |
| Application | fortinet | fortiweb | 5.9.0 | Yes |
| Application | fortinet | fortiweb | 5.9.1 | Yes |
