ID

VAR-202112-0728


CVE

CVE-2021-32591


TITLE

Vulnerabilities in the use of cryptographic algorithms in multiple Fortinet products

Trust: 0.8

sources: JVNDB: JVNDB-2021-016087

DESCRIPTION

A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets. Multiple Fortinet products contain vulnerabilities in the use of cryptographic algorithms. Information may be obtained.

Trust: 1.71

sources: NVD: CVE-2021-32591 // JVNDB: JVNDB-2021-016087 // VULHUB: VHN-392563

AFFECTED PRODUCTS

vendor: fortinet, model: fortiweb, scope: lte, version: 5.7.3

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lte, version: 6.0.7

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 5.9.0

Trust: 1.0

vendor: fortinet, model: fortiadc, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: eq, version: *

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 5.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lte, version: 5.8.7

Trust: 1.0

vendor: fortinet, model: fortiadc, scope: eq, version: 6.2.1

Trust: 1.0

vendor: fortinet, model: fortiadc, scope: lte, version: 6.0.3

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lte, version: 6.2.4

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 5.8.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 6.2.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 5.9.1

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: eq, version: 4.0.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lte, version: 6.4.5

Trust: 1.0

vendor: fortinet, model: fortiadc, scope: gte, version: 6.1.0

Trust: 1.0

vendor: fortinet, model: fortiadc, scope: eq, version: 6.2.0

Trust: 1.0

vendor: fortinet, model: fortiadc, scope: lte, version: 5.4.4

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lte, version: 6.3.11

Trust: 1.0

vendor: fortinet, model: fortimail, scope: eq, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortiadc, scope: gte, version: 5.0.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: eq, version: 7.0.1

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lte, version: 3.2.2

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 5.7.0

Trust: 1.0

vendor: fortinet, model: fortiadc, scope: lte, version: 6.1.3

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lte, version: 5.6.3

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 3.2.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lte, version: 6.2.7

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.1.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.3.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lte, version: 6.0.11

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lte, version: 6.1.2

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.2.0

Trust: 1.0

vendor: Fortinet, model: fortisandbox, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortimail, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortiadc, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-016087 // NVD: CVE-2021-32591

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-32591
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2021-32591
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-32591
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202112-549
value: MEDIUM

Trust: 0.6

VULHUB: VHN-392563
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-32591
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-392563
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-32591
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-016087
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-392563 // JVNDB: JVNDB-2021-016087 // CNNVD: CNNVD-202112-549 // NVD: CVE-2021-32591 // NVD: CVE-2021-32591

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype: Use of incomplete or dangerous cryptographic algorithms (CWE-327) [NVD evaluation]

Trust: 0.8

problemtype:CWE-327

Trust: 0.1

sources: VULHUB: VHN-392563 // JVNDB: JVNDB-2021-016087 // NVD: CVE-2021-32591

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-549

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202112-549

PATCH

title: FG-IR-20-222, url: https://fortiguard.com/advisory/FG-IR-20-222

Trust: 0.8

title: Fortinet FortiMail Fixes for encryption problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173990

Trust: 0.6

sources: JVNDB: JVNDB-2021-016087 // CNNVD: CNNVD-202112-549

EXTERNAL IDS

db: NVD, id: CVE-2021-32591

Trust: 3.3

db: JVNDB, id: JVNDB-2021-016087

Trust: 0.8

db: AUSCERT, id: ESB-2021.4158

Trust: 0.6

db: CS-HELP, id: SB2021120721

Trust: 0.6

db: CS-HELP, id: SB2021120720

Trust: 0.6

db: CNNVD, id: CNNVD-202112-549

Trust: 0.6

db: VULHUB, id: VHN-392563

Trust: 0.1

sources: VULHUB: VHN-392563 // JVNDB: JVNDB-2021-016087 // CNNVD: CNNVD-202112-549 // NVD: CVE-2021-32591

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-20-222

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-32591

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.4158

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021120720

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021120721

Trust: 0.6

sources: VULHUB: VHN-392563 // JVNDB: JVNDB-2021-016087 // CNNVD: CNNVD-202112-549 // NVD: CVE-2021-32591

SOURCES

db: VULHUB, id: VHN-392563
db: JVNDB, id: JVNDB-2021-016087
db: CNNVD, id: CNNVD-202112-549
db: NVD, id: CVE-2021-32591

LAST UPDATE DATE

2024-08-14T14:02:54.482000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-392563, date: 2021-12-10T00:00:00
db: JVNDB, id: JVNDB-2021-016087, date: 2022-12-06T07:28:00
db: CNNVD, id: CNNVD-202112-549, date: 2021-12-13T00:00:00
db: NVD, id: CVE-2021-32591, date: 2023-08-08T14:22:24.967

SOURCES RELEASE DATE

db: VULHUB, id: VHN-392563, date: 2021-12-08T00:00:00
db: JVNDB, id: JVNDB-2021-016087, date: 2022-12-06T00:00:00
db: CNNVD, id: CNNVD-202112-549, date: 2021-12-07T00:00:00
db: NVD, id: CVE-2021-32591, date: 2021-12-08T12:15:07.737