CVE-2021-24020

CWE-347, CWE-326 | 4 documents | 4 sources

Severity: 9.8 CRITICAL
EPSS: 0.2% (top 61.70%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 9; latest update May 24

Description

A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data, which allows bypass of signature verification.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.6 | Impact: 5.9

Affected Packages (2 packages)

Source | Package | Affected | Fixed
NVD | fortinet/fortimail | 6.4.0 | 6.4.5 (+1 more range)
CVEListV5 | fortinet/fortinet_fortimail | FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 | -

Vulnerability Details (2)

GHSA | GHSA-8wr8-gr7j-v6cg: A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6... | 2022-05-24
CVEList | CVE-2021-24020: A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6... | 2021-07-09

Vendor Advisories (1)

Fortinet | A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6... | 2021-07-09
CVE-2021-24020 (CRITICAL CVSS 9.8) | A missing cryptographic step in the | cvebase.io