Details of VAR-202112-0728

ID

VAR-202112-0728

CVE

CVE-2021-32591

TITLE

plural Fortinet Vulnerabilities in the use of cryptographic algorithms in products

Trust: 0.8

sources: JVNDB: JVNDB-2021-016087

DESCRIPTION

A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets. plural Fortinet The product contains vulnerabilities in the use of cryptographic algorithms.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2021-32591 // JVNDB: JVNDB-2021-016087 // VULHUB: VHN-392563

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiweb	scope:	lte	version:	5.7.3	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	lte	version:	6.0.7	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	eq	version:	5.9.0	Trust: 1.0
vendor:	fortinet	model:	fortiadc	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	eq	version:	*	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	gte	version:	5.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	lte	version:	5.8.7	Trust: 1.0
vendor:	fortinet	model:	fortiadc	scope:	eq	version:	6.2.1	Trust: 1.0
vendor:	fortinet	model:	fortiadc	scope:	lte	version:	6.0.3	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	lte	version:	6.2.4	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	5.8.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	eq	version:	5.9.1	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	lte	version:	6.4.5	Trust: 1.0
vendor:	fortinet	model:	fortiadc	scope:	gte	version:	6.1.0	Trust: 1.0
vendor:	fortinet	model:	fortiadc	scope:	eq	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	fortiadc	scope:	lte	version:	5.4.4	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	lte	version:	6.3.11	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiadc	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	eq	version:	7.0.1	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	lte	version:	3.2.2	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	5.7.0	Trust: 1.0
vendor:	fortinet	model:	fortiadc	scope:	lte	version:	6.1.3	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	lte	version:	5.6.3	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	gte	version:	3.2.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	lte	version:	6.2.7	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	6.1.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	6.3.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	lte	version:	6.0.11	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	lte	version:	6.1.2	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	フォーティネット	model:	fortisandbox	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortimail	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiweb	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiadc	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-016087 // NVD: CVE-2021-32591

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-32591
value:	MEDIUM
Trust: 1.0
psirt@fortinet.com:	CVE-2021-32591
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-32591
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202112-549
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-392563
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-32591
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-392563
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-32591
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-016087
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-392563 // JVNDB: JVNDB-2021-016087 // CNNVD: CNNVD-202112-549 // NVD: CVE-2021-32591 // NVD: CVE-2021-32591

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	Use of incomplete or dangerous cryptographic algorithms (CWE-327) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-327	Trust: 0.1

sources: VULHUB: VHN-392563 // JVNDB: JVNDB-2021-016087 // NVD: CVE-2021-32591

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-549

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202112-549

PATCH

title:	FG-IR-20-222	url:	https://fortiguard.com/advisory/FG-IR-20-222	Trust: 0.8
title:	Fortinet FortiMail Fixes for encryption problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173990	Trust: 0.6

sources: JVNDB: JVNDB-2021-016087 // CNNVD: CNNVD-202112-549

EXTERNAL IDS

db:	NVD	id:	CVE-2021-32591	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-016087	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.4158	Trust: 0.6
db:	CS-HELP	id:	SB2021120721	Trust: 0.6
db:	CS-HELP	id:	SB2021120720	Trust: 0.6
db:	CNNVD	id:	CNNVD-202112-549	Trust: 0.6
db:	VULHUB	id:	VHN-392563	Trust: 0.1

sources: VULHUB: VHN-392563 // JVNDB: JVNDB-2021-016087 // CNNVD: CNNVD-202112-549 // NVD: CVE-2021-32591

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-20-222	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32591	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2021.4158	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021120720	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021120721	Trust: 0.6

sources: VULHUB: VHN-392563 // JVNDB: JVNDB-2021-016087 // CNNVD: CNNVD-202112-549 // NVD: CVE-2021-32591

SOURCES

db:	VULHUB	id:	VHN-392563
db:	JVNDB	id:	JVNDB-2021-016087
db:	CNNVD	id:	CNNVD-202112-549
db:	NVD	id:	CVE-2021-32591

LAST UPDATE DATE

2024-08-14T14:02:54.482000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-392563	date:	2021-12-10T00:00:00
db:	JVNDB	id:	JVNDB-2021-016087	date:	2022-12-06T07:28:00
db:	CNNVD	id:	CNNVD-202112-549	date:	2021-12-13T00:00:00
db:	NVD	id:	CVE-2021-32591	date:	2023-08-08T14:22:24.967

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-392563	date:	2021-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-016087	date:	2022-12-06T00:00:00
db:	CNNVD	id:	CNNVD-202112-549	date:	2021-12-07T00:00:00
db:	NVD	id:	CVE-2021-32591	date:	2021-12-08T12:15:07.737