Skip to main content

Fortiadc CVE-2021-32591

MEDIUM
2021-12-08 psirt@fortinet.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 08, 2021 - 12:15 nvd
MEDIUM 5.3

DescriptionNVD

A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets.

AnalysisAI

A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Technical ContextAI

A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets. Affected products include: Fortinet Fortiadc, Fortinet Fortimail, Fortinet Fortisandbox, Fortinet Fortiweb. Version information: before 4.0.1.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-38381 CRITICAL
9.8 Nov 02

An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all version

CVE-2023-25603 CRITICAL
9.1 Nov 14

A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.

CVE-2023-26205 HIGH
8.8 Nov 14

An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions,

CVE-2022-33875 HIGH
8.8 Dec 06

An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiA

CVE-2022-26120 HIGH
8.8 Jul 18

Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] i

CVE-2023-25607 HIGH
7.8 Oct 10

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in

CVE-2023-28000 HIGH
7.8 Jun 13

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0

CVE-2023-26210 HIGH
7.8 Jun 13

Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-

CVE-2023-27999 HIGH
7.8 May 03

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 thr

CVE-2022-22299 HIGH
7.8 Aug 05

A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiAD

CVE-2025-31104 HIGH
7.2 Jun 10

FortiADC versions 6.1 through 7.6.1 contain an OS command injection vulnerability (CWE-78) that allows authenticated att

CVE-2023-27993 HIGH
7.1 May 03

A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to d

Share

CVE-2021-32591 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy