ID

VAR-202107-0839


CVE

CVE-2021-26095


TITLE

FortiMail Vulnerability in using cryptographic algorithms in

Trust: 0.8

sources: JVNDB: JVNDB-2021-009855

DESCRIPTION

The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its content, thereby escalating privileges. FortiMail is vulnerable to the use of cryptographic algorithms. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Fortinet FortiMail is a suite of email security gateway products from Fortinet. The product provides features such as email security protection and data protection. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 2.88

sources: NVD: CVE-2021-26095 // JVNDB: JVNDB-2021-009855 // CNVD: CNVD-2022-19078 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-385059 // VULMON: CVE-2021-26095

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-19078

AFFECTED PRODUCTS

vendor: fortinet | model: fortimail | scope: lt | version: 6.4.5

Trust: 1.0

vendor: fortinet | model: fortimail | scope: lte | version: 6.2.6

Trust: 1.0

vendor: fortinet | model: fortimail | scope: gte | version: 6.2.0

Trust: 1.0

vendor: fortinet | model: fortimail | scope: gte | version: 6.4.0

Trust: 1.0

vendor: フォーティネット | model: fortimail | scope: eq | version: 6.2.0 to 6.2.6

Trust: 0.8

vendor: フォーティネット | model: fortimail | scope: eq | version: 6.4.0 to 6.4.4

Trust: 0.8

vendor: フォーティネット | model: fortimail | scope: eq | version: -

Trust: 0.8

vendor: fortinet | model: fortimail | scope: gte | version: 6.4.0,<=6.4.4

Trust: 0.6

vendor: fortinet | model: fortimail | scope: gte | version: 6.2.0,<=6.2.6

Trust: 0.6

sources: CNVD: CNVD-2022-19078 // JVNDB: JVNDB-2021-009855 // NVD: CVE-2021-26095

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-26095
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2021-26095
value: HIGH

Trust: 1.0

NVD: CVE-2021-26095
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-19078
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-843
value: HIGH

Trust: 0.6

VULHUB: VHN-385059
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-26095
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-19078
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-385059
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-26095
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-26095
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-26095
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-19078 // VULHUB: VHN-385059 // JVNDB: JVNDB-2021-009855 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-843 // NVD: CVE-2021-26095 // NVD: CVE-2021-26095

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Use of incomplete or dangerous cryptographic algorithms (CWE-327) [NVD Evaluation]

Trust: 0.8

problemtype: CWE-327

Trust: 0.1

sources: VULHUB: VHN-385059 // JVNDB: JVNDB-2021-009855 // NVD: CVE-2021-26095

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-843

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: FG-IR-21-019 | url: https://fortiguard.com/advisory/FG-IR-21-019

Trust: 0.8

title: Patch for Fortinet FortiMail Encryption Issue Vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/325301

Trust: 0.6

title: Fortinet FortiMail Fixes for encryption problem vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156536

Trust: 0.6

sources: CNVD: CNVD-2022-19078 // JVNDB: JVNDB-2021-009855 // CNNVD: CNNVD-202107-843

EXTERNAL IDS

db: NVD | id: CVE-2021-26095

Trust: 4.0

db: JVNDB | id: JVNDB-2021-009855

Trust: 0.8

db: CNVD | id: CNVD-2022-19078

Trust: 0.7

db: CS-HELP | id: SB2021041363

Trust: 0.6

db: CNNVD | id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT | id: ESB-2021.2380

Trust: 0.6

db: CS-HELP | id: SB2021071352

Trust: 0.6

db: CNNVD | id: CNNVD-202107-843

Trust: 0.6

db: VULHUB | id: VHN-385059

Trust: 0.1

db: VULMON | id: CVE-2021-26095

Trust: 0.1

sources: CNVD: CNVD-2022-19078 // VULHUB: VHN-385059 // VULMON: CVE-2021-26095 // JVNDB: JVNDB-2021-009855 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-843 // NVD: CVE-2021-26095

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-21-019

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-26095

Trust: 1.4

url:https://www.fortinet.com/products/email-security

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2380

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071352

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-19078 // VULHUB: VHN-385059 // VULMON: CVE-2021-26095 // JVNDB: JVNDB-2021-009855 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-843 // NVD: CVE-2021-26095

SOURCES

db: CNVD | id: CNVD-2022-19078
db: VULHUB | id: VHN-385059
db: VULMON | id: CVE-2021-26095
db: JVNDB | id: JVNDB-2021-009855
db: CNNVD | id: CNNVD-202104-975
db: CNNVD | id: CNNVD-202107-843
db: NVD | id: CVE-2021-26095

LAST UPDATE DATE

2024-08-14T13:10:16.730000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2022-19078 | date: 2022-03-14T00:00:00
db: VULHUB | id: VHN-385059 | date: 2021-07-28T00:00:00
db: VULMON | id: CVE-2021-26095 | date: 2021-07-20T00:00:00
db: JVNDB | id: JVNDB-2021-009855 | date: 2022-06-02T06:10:00
db: CNNVD | id: CNNVD-202104-975 | date: 2021-04-14T00:00:00
db: CNNVD | id: CNNVD-202107-843 | date: 2021-08-25T00:00:00
db: NVD | id: CVE-2021-26095 | date: 2023-08-08T14:22:24.967

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2022-19078 | date: 2022-03-14T00:00:00
db: VULHUB | id: VHN-385059 | date: 2021-07-20T00:00:00
db: VULMON | id: CVE-2021-26095 | date: 2021-07-20T00:00:00
db: JVNDB | id: JVNDB-2021-009855 | date: 2022-06-02T00:00:00
db: CNNVD | id: CNNVD-202104-975 | date: 2021-04-13T00:00:00
db: CNNVD | id: CNNVD-202107-843 | date: 2021-07-13T00:00:00
db: NVD | id: CVE-2021-26095 | date: 2021-07-20T11:15:11.477