ID

VAR-202204-0959


CVE

CVE-2021-32593


TITLE

FortiWAN Vulnerability in using cryptographic algorithms in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009335

DESCRIPTION

A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel Protocol of FortiWAN before 4.5.9 may allow an unauthenticated remote attacker to decrypt and forge protocol communication messages. FortiWAN contains a vulnerability in its use of cryptographic algorithms. Information may be obtained and information may be tampered with. Fortinet FortiWAN is a network device from Fortinet, a company based in the United States. It is used to perform load balancing and fault tolerance across different networks. Fortinet FortiWAN versions prior to 4.5.9 have an encryption issue vulnerability that stems from the program's use of broken or risky encryption algorithms.

Trust: 2.25

sources: NVD: CVE-2021-32593 // JVNDB: JVNDB-2022-009335 // CNVD: CNVD-2022-47980 // VULHUB: VHN-392565

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-47980

AFFECTED PRODUCTS

vendor: fortinet, model: fortiwan, scope: lte, version: 4.5.8

Trust: 1.0

vendor: フォーティネット, model: fortiwan, scope: eq, version: 4.5.9

Trust: 0.8

vendor: フォーティネット, model: fortiwan, scope: eq, version: -

Trust: 0.8

vendor: fortinet, model: fortiwan, scope: lt, version: 4.5.9

Trust: 0.6

sources: CNVD: CNVD-2022-47980 // JVNDB: JVNDB-2022-009335 // NVD: CVE-2021-32593

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-32593
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2021-32593
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-32593
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2022-47980
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202204-2467
value: MEDIUM

Trust: 0.6

VULHUB: VHN-392565
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-32593
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-47980
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-392565
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-32593
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 2.0

OTHER: JVNDB-2022-009335
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-47980 // VULHUB: VHN-392565 // JVNDB: JVNDB-2022-009335 // CNNVD: CNNVD-202204-2467 // NVD: CVE-2021-32593 // NVD: CVE-2021-32593

PROBLEMTYPE DATA

problemtype: CWE-327

Trust: 1.1

problemtype: Use of incomplete or dangerous cryptographic algorithms (CWE-327) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-392565 // JVNDB: JVNDB-2022-009335 // NVD: CVE-2021-32593

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-2467

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202204-2467

PATCH

title: FG-IR-21-070, url: https://www.fortiguard.com/psirt/FG-IR-21-070

Trust: 0.8

title: Patch for Fortinet FortiWAN Encryption Issue Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/336036

Trust: 0.6

sources: CNVD: CNVD-2022-47980 // JVNDB: JVNDB-2022-009335

EXTERNAL IDS

db: NVD, id: CVE-2021-32593

Trust: 3.9

db: JVNDB, id: JVNDB-2022-009335

Trust: 0.8

db: CNVD, id: CNVD-2022-47980

Trust: 0.7

db: CS-HELP, id: SB2022040534

Trust: 0.6

db: CNNVD, id: CNNVD-202204-2467

Trust: 0.6

db: VULHUB, id: VHN-392565

Trust: 0.1

sources: CNVD: CNVD-2022-47980 // VULHUB: VHN-392565 // JVNDB: JVNDB-2022-009335 // CNNVD: CNNVD-202204-2467 // NVD: CVE-2021-32593

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-21-070

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-32593

Trust: 0.8

url:http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-32593

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2021-32593/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022040534

Trust: 0.6

sources: CNVD: CNVD-2022-47980 // VULHUB: VHN-392565 // JVNDB: JVNDB-2022-009335 // CNNVD: CNNVD-202204-2467 // NVD: CVE-2021-32593

SOURCES

db: CNVD, id: CNVD-2022-47980
db: VULHUB, id: VHN-392565
db: JVNDB, id: JVNDB-2022-009335
db: CNNVD, id: CNNVD-202204-2467
db: NVD, id: CVE-2021-32593

LAST UPDATE DATE

2024-08-14T14:10:52.576000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-47980, date: 2022-06-28T00:00:00
db: VULHUB, id: VHN-392565, date: 2022-04-13T00:00:00
db: JVNDB, id: JVNDB-2022-009335, date: 2023-08-04T04:47:00
db: CNNVD, id: CNNVD-202204-2467, date: 2022-04-14T00:00:00
db: NVD, id: CVE-2021-32593, date: 2022-04-13T18:59:06.550

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-47980, date: 2022-06-28T00:00:00
db: VULHUB, id: VHN-392565, date: 2022-04-06T00:00:00
db: JVNDB, id: JVNDB-2022-009335, date: 2023-08-04T00:00:00
db: CNNVD, id: CNNVD-202204-2467, date: 2022-04-06T00:00:00
db: NVD, id: CVE-2021-32593, date: 2022-04-06T10:15:07.983