ID

VAR-202107-0631


CVE

CVE-2021-24020


TITLE

FortiMail Vulnerability in cryptography

Trust: 0.8

sources: JVNDB: JVNDB-2021-008984

DESCRIPTION

A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification. FortiMail contains a cryptographic vulnerability. Information may be obtained, information may be tampered with, and service may be disrupted (DoS). Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements.

Trust: 2.34

sources: NVD: CVE-2021-24020 // JVNDB: JVNDB-2021-008984 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-382738 // VULMON: CVE-2021-24020

AFFECTED PRODUCTS

vendor:fortinet model:fortimail scope:lt version:6.4.5

Trust: 1.0

vendor:fortinet model:fortimail scope:gte version:6.2.0

Trust: 1.0

vendor:fortinet model:fortimail scope:gte version:6.4.0

Trust: 1.0

vendor:fortinet model:fortimail scope:lte version:6.2.7

Trust: 1.0

vendor:フォーティネット model:fortimail scope:eq version:6.4.0 to 6.4.4

Trust: 0.8

vendor:フォーティネット model:fortimail scope:eq version:6.2.0 to 6.2.7

Trust: 0.8

vendor:フォーティネット model:fortimail scope:eq version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-008984 // NVD: CVE-2021-24020

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-24020
value: CRITICAL

Trust: 1.0

psirt@fortinet.com: CVE-2021-24020
value: HIGH

Trust: 1.0

NVD: CVE-2021-24020
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-558
value: CRITICAL

Trust: 0.6

VULHUB: VHN-382738
value: HIGH

Trust: 0.1

VULMON: CVE-2021-24020
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-24020
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-382738
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-24020
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-24020
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-24020
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-382738 // VULMON: CVE-2021-24020 // JVNDB: JVNDB-2021-008984 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-558 // NVD: CVE-2021-24020 // NVD: CVE-2021-24020

PROBLEMTYPE DATA

problemtype:CWE-347

Trust: 1.1

problemtype:Inadequate encryption strength (CWE-326) [NVD Evaluation]

Trust: 0.8

problemtype:CWE-326

Trust: 0.1

sources: VULHUB: VHN-382738 // JVNDB: JVNDB-2021-008984 // NVD: CVE-2021-24020

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-558

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:FG-IR-21-027 url:https://fortiguard.com/advisory/FG-IR-21-027

Trust: 0.8

sources: JVNDB: JVNDB-2021-008984

EXTERNAL IDS

db:NVD id:CVE-2021-24020

Trust: 3.4

db:JVNDB id:JVNDB-2021-008984

Trust: 0.8

db:CS-HELP id:SB2021041363

Trust: 0.6

db:CNNVD id:CNNVD-202104-975

Trust: 0.6

db:AUSCERT id:ESB-2021.2380

Trust: 0.6

db:CS-HELP id:SB2021071352

Trust: 0.6

db:CNNVD id:CNNVD-202107-558

Trust: 0.6

db:VULHUB id:VHN-382738

Trust: 0.1

db:VULMON id:CVE-2021-24020

Trust: 0.1

sources: VULHUB: VHN-382738 // VULMON: CVE-2021-24020 // JVNDB: JVNDB-2021-008984 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-558 // NVD: CVE-2021-24020

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-21-027

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-24020

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2380

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071352

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/326.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-382738 // VULMON: CVE-2021-24020 // JVNDB: JVNDB-2021-008984 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-558 // NVD: CVE-2021-24020

SOURCES

db:VULHUB id:VHN-382738
db:VULMON id:CVE-2021-24020
db:JVNDB id:JVNDB-2021-008984
db:CNNVD id:CNNVD-202104-975
db:CNNVD id:CNNVD-202107-558
db:NVD id:CVE-2021-24020

LAST UPDATE DATE

2024-08-14T12:47:55.399000+00:00


SOURCES UPDATE DATE

db:VULHUB id:VHN-382738 date:2022-07-12T00:00:00
db:VULMON id:CVE-2021-24020 date:2021-07-12T00:00:00
db:JVNDB id:JVNDB-2021-008984 date:2022-04-01T09:00:00
db:CNNVD id:CNNVD-202104-975 date:2021-04-14T00:00:00
db:CNNVD id:CNNVD-202107-558 date:2022-07-14T00:00:00
db:NVD id:CVE-2021-24020 date:2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:VULHUB id:VHN-382738 date:2021-07-09T00:00:00
db:VULMON id:CVE-2021-24020 date:2021-07-09T00:00:00
db:JVNDB id:JVNDB-2021-008984 date:2022-04-01T00:00:00
db:CNNVD id:CNNVD-202104-975 date:2021-04-13T00:00:00
db:CNNVD id:CNNVD-202107-558 date:2021-07-09T00:00:00
db:NVD id:CVE-2021-24020 date:2021-07-09T19:15:08.197