ID

VAR-202203-0909


CVE

CVE-2021-32586


TITLE

Fortinet FortiMail Input Validation Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2022-18537 // CNNVD: CNNVD-202203-031

DESCRIPTION

An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests. FortiMail contains an input validation vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiMail is a suite of email security gateway products from Fortinet. The product provides features such as email security protection and data protection.

Trust: 2.34

sources: NVD: CVE-2021-32586 // JVNDB: JVNDB-2022-007385 // CNVD: CNVD-2022-18537 // VULHUB: VHN-392558 // VULMON: CVE-2021-32586

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-18537

AFFECTED PRODUCTS

vendor: fortinet model: fortimail scope: eq version: 7.0.0

Trust: 1.6

vendor: fortinet model: fortimail scope: lte version: 5.4.12

Trust: 1.0

vendor: fortinet model: fortimail scope: lt version: 6.0.12

Trust: 1.0

vendor: fortinet model: fortimail scope: gte version: 6.0.0

Trust: 1.0

vendor: fortinet model: fortimail scope: lt version: 6.2.8

Trust: 1.0

vendor: fortinet model: fortimail scope: gte version: 6.2.0

Trust: 1.0

vendor: fortinet model: fortimail scope: gte version: 6.4.0

Trust: 1.0

vendor: fortinet model: fortimail scope: lt version: 6.4.6

Trust: 1.0

vendor: フォーティネット model: fortimail scope: eq version: -

Trust: 0.8

vendor: フォーティネット model: fortimail scope: eq version: 7.0.1

Trust: 0.8

vendor: fortinet model: fortimail scope: lte version: <=5.4.12

Trust: 0.6

vendor: fortinet model: fortimail scope: gte version: 6.0.0,<6.0.12

Trust: 0.6

vendor: fortinet model: fortimail scope: gte version: 6.2.0,<6.2.8

Trust: 0.6

vendor: fortinet model: fortimail scope: gte version: 6.4.0,<6.4.6

Trust: 0.6

sources: CNVD: CNVD-2022-18537 // JVNDB: JVNDB-2022-007385 // NVD: CVE-2021-32586

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-32586
value: CRITICAL

Trust: 1.0

psirt@fortinet.com: CVE-2021-32586
value: HIGH

Trust: 1.0

NVD: CVE-2021-32586
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-18537
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202203-031
value: CRITICAL

Trust: 0.6

VULHUB: VHN-392558
value: HIGH

Trust: 0.1

VULMON: CVE-2021-32586
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-32586
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-18537
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-392558
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-32586
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2021-32586
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.2
impactScore: 5.5
version: 3.1

Trust: 1.0

NVD: CVE-2021-32586
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-18537 // VULHUB: VHN-392558 // VULMON: CVE-2021-32586 // JVNDB: JVNDB-2022-007385 // CNNVD: CNNVD-202203-031 // NVD: CVE-2021-32586 // NVD: CVE-2021-32586

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:Improper input validation (CWE-20) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-392558 // JVNDB: JVNDB-2022-007385 // NVD: CVE-2021-32586

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-031

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202203-031

PATCH

title: FG-IR-21-008 url: https://fortiguard.com/psirt/FG-IR-21-008

Trust: 0.8

title: Patch for Fortinet FortiMail Input Validation Error Vulnerability url: https://www.cnvd.org.cn/patchInfo/show/325056

Trust: 0.6

title: FortiMail input validation error vulnerability fix url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184271

Trust: 0.6

sources: CNVD: CNVD-2022-18537 // JVNDB: JVNDB-2022-007385 // CNNVD: CNNVD-202203-031

EXTERNAL IDS

db: NVD id: CVE-2021-32586

Trust: 4.0

db: JVNDB id: JVNDB-2022-007385

Trust: 0.8

db: CNVD id: CNVD-2022-18537

Trust: 0.7

db: AUSCERT id: ESB-2022.0859

Trust: 0.6

db: CS-HELP id: SB2022030125

Trust: 0.6

db: CNNVD id: CNNVD-202203-031

Trust: 0.6

db: VULHUB id: VHN-392558

Trust: 0.1

db: VULMON id: CVE-2021-32586

Trust: 0.1

sources: CNVD: CNVD-2022-18537 // VULHUB: VHN-392558 // VULMON: CVE-2021-32586 // JVNDB: JVNDB-2022-007385 // CNNVD: CNNVD-202203-031 // NVD: CVE-2021-32586

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-21-008

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32586

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2022.0859

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022030125

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2021-32586/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-18537 // VULHUB: VHN-392558 // VULMON: CVE-2021-32586 // JVNDB: JVNDB-2022-007385 // CNNVD: CNNVD-202203-031 // NVD: CVE-2021-32586

SOURCES

db: CNVD id: CNVD-2022-18537
db: VULHUB id: VHN-392558
db: VULMON id: CVE-2021-32586
db: JVNDB id: JVNDB-2022-007385
db: CNNVD id: CNNVD-202203-031
db: NVD id: CVE-2021-32586

LAST UPDATE DATE

2024-08-14T14:02:43.774000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2022-18537 date: 2022-03-11T00:00:00
db: VULHUB id: VHN-392558 date: 2022-03-09T00:00:00
db: VULMON id: CVE-2021-32586 date: 2022-03-09T00:00:00
db: JVNDB id: JVNDB-2022-007385 date: 2023-07-14T02:50:00
db: CNNVD id: CNNVD-202203-031 date: 2022-04-01T00:00:00
db: NVD id: CVE-2021-32586 date: 2022-03-09T14:11:28.700

SOURCES RELEASE DATE

db: CNVD id: CNVD-2022-18537 date: 2022-03-11T00:00:00
db: VULHUB id: VHN-392558 date: 2022-03-01T00:00:00
db: VULMON id: CVE-2021-32586 date: 2022-03-01T00:00:00
db: JVNDB id: JVNDB-2022-007385 date: 2023-07-14T00:00:00
db: CNNVD id: CNNVD-202203-031 date: 2022-03-01T00:00:00
db: NVD id: CVE-2021-32586 date: 2022-03-01T19:15:08.227