PT-2021-19797 · Fortinet · FortiMail and 3 other products
Published: 2021-12-08 · Updated: 2023-08-08
CVE-2021-32591
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FortiSandbox versions prior to 4.0.1
FortiWeb versions prior to 6.3.12
FortiADC versions prior to 6.2.1
FortiMail versions 7.0.1 and earlier
Description
A missing cryptographic step in the function that encrypts users' LDAP and RADIUS credentials may allow an attacker with access to the password store to compromise the confidentiality of the encrypted secrets.
Recommendations
For FortiSandbox versions prior to 4.0.1, update to version 4.0.1 or later.
For FortiWeb versions prior to 6.3.12, update to version 6.3.12 or later.
For FortiADC versions prior to 6.2.1, update to version 6.2.1 or later.
For FortiMail versions 7.0.1 and earlier, update to a version later than 7.0.1.
Affected Products
FortiADC
FortiMail
FortiSandbox
FortiWeb