Vulnerability Description
A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, and FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets.
CVSS Score
5.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortiadc | >= 5.0.0, <= 5.4.4 |
| Fortinet | Fortimail | All versions |
| Fortinet | Fortisandbox | >= 3.2.0, <= 3.2.2 |
| Fortinet | Fortiweb | >= 5.7.0, <= 5.7.3 |
References
- https://fortiguard.com/advisory/FG-IR-20-222 (Patch, Vendor Advisory)
FAQ
What is CVE-2021-32591?
CVE-2021-32591 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0....
How severe is CVE-2021-32591?
CVE-2021-32591 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-32591?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortiadc, Fortinet Fortimail, Fortinet Fortisandbox, Fortinet Fortiweb.