Details of VAR-202203-0909

ID

VAR-202203-0909

CVE

CVE-2021-32586

TITLE

Fortinet FortiMail Input Validation Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2022-18537 // CNNVD: CNNVD-202203-031

DESCRIPTION

An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests. FortiMail There is an input validation vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiMail is a suite of email security gateway products from Fortinet. The product provides features such as email security protection and data protection

Trust: 2.34

sources: NVD: CVE-2021-32586 // JVNDB: JVNDB-2022-007385 // CNVD: CNVD-2022-18537 // VULHUB: VHN-392558 // VULMON: CVE-2021-32586

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-18537

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortimail	scope:	eq	version:	7.0.0	Trust: 1.6
vendor:	fortinet	model:	fortimail	scope:	lte	version:	5.4.12	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	lt	version:	6.0.12	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	lt	version:	6.2.8	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	lt	version:	6.4.6	Trust: 1.0
vendor:	フォーティネット	model:	fortimail	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortimail	scope:	eq	version:	7.0.1	Trust: 0.8
vendor:	fortinet	model:	fortimail	scope:	lte	version:	<=5.4.12	Trust: 0.6
vendor:	fortinet	model:	fortimail	scope:	gte	version:	6.0.0,<6.0.12	Trust: 0.6
vendor:	fortinet	model:	fortimail	scope:	gte	version:	6.2.0,<6.2.8	Trust: 0.6
vendor:	fortinet	model:	fortimail	scope:	gte	version:	6.4.0,<6.4.6	Trust: 0.6

sources: CNVD: CNVD-2022-18537 // JVNDB: JVNDB-2022-007385 // NVD: CVE-2021-32586

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-32586
value:	CRITICAL
Trust: 1.0
psirt@fortinet.com:	CVE-2021-32586
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-32586
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2022-18537
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202203-031
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-392558
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-32586
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-32586
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-18537
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-392558
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-32586
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2021-32586
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	2.2
impactScore:	5.5
version:	3.1
Trust: 1.0
NVD:	CVE-2021-32586
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-18537 // VULHUB: VHN-392558 // VULMON: CVE-2021-32586 // JVNDB: JVNDB-2022-007385 // CNNVD: CNNVD-202203-031 // NVD: CVE-2021-32586 // NVD: CVE-2021-32586

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-392558 // JVNDB: JVNDB-2022-007385 // NVD: CVE-2021-32586

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-031

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202203-031

PATCH

title:	FG-IR-21-008	url:	https://fortiguard.com/psirt/FG-IR-21-008	Trust: 0.8
title:	Patch for Fortinet FortiMail Input Validation Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/325056	Trust: 0.6
title:	FortiMail Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184271	Trust: 0.6

sources: CNVD: CNVD-2022-18537 // JVNDB: JVNDB-2022-007385 // CNNVD: CNNVD-202203-031

EXTERNAL IDS

db:	NVD	id:	CVE-2021-32586	Trust: 4.0
db:	JVNDB	id:	JVNDB-2022-007385	Trust: 0.8
db:	CNVD	id:	CNVD-2022-18537	Trust: 0.7
db:	AUSCERT	id:	ESB-2022.0859	Trust: 0.6
db:	CS-HELP	id:	SB2022030125	Trust: 0.6
db:	CNNVD	id:	CNNVD-202203-031	Trust: 0.6
db:	VULHUB	id:	VHN-392558	Trust: 0.1
db:	VULMON	id:	CVE-2021-32586	Trust: 0.1

sources: CNVD: CNVD-2022-18537 // VULHUB: VHN-392558 // VULMON: CVE-2021-32586 // JVNDB: JVNDB-2022-007385 // CNNVD: CNNVD-202203-031 // NVD: CVE-2021-32586

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-21-008	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32586	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2022.0859	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022030125	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2021-32586/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-18537 // VULHUB: VHN-392558 // VULMON: CVE-2021-32586 // JVNDB: JVNDB-2022-007385 // CNNVD: CNNVD-202203-031 // NVD: CVE-2021-32586

SOURCES

db:	CNVD	id:	CNVD-2022-18537
db:	VULHUB	id:	VHN-392558
db:	VULMON	id:	CVE-2021-32586
db:	JVNDB	id:	JVNDB-2022-007385
db:	CNNVD	id:	CNNVD-202203-031
db:	NVD	id:	CVE-2021-32586

LAST UPDATE DATE

2024-08-14T14:02:43.774000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-18537	date:	2022-03-11T00:00:00
db:	VULHUB	id:	VHN-392558	date:	2022-03-09T00:00:00
db:	VULMON	id:	CVE-2021-32586	date:	2022-03-09T00:00:00
db:	JVNDB	id:	JVNDB-2022-007385	date:	2023-07-14T02:50:00
db:	CNNVD	id:	CNNVD-202203-031	date:	2022-04-01T00:00:00
db:	NVD	id:	CVE-2021-32586	date:	2022-03-09T14:11:28.700

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-18537	date:	2022-03-11T00:00:00
db:	VULHUB	id:	VHN-392558	date:	2022-03-01T00:00:00
db:	VULMON	id:	CVE-2021-32586	date:	2022-03-01T00:00:00
db:	JVNDB	id:	JVNDB-2022-007385	date:	2023-07-14T00:00:00
db:	CNNVD	id:	CNNVD-202203-031	date:	2022-03-01T00:00:00
db:	NVD	id:	CVE-2021-32586	date:	2022-03-01T19:15:08.227