CVE-2021-26099

CWE-327Broken Cryptographic Algorithm4 documents4 sources
Severity
4.9MEDIUM
EPSS
0.2%
top 63.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortimailFortinet Fortinet Fortimail
Timeline
PublishedJul 12
Latest updateMay 24

Description

Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.7 | Impact: 3.6

Affected Packages2 packages

NVDfortinet/fortimail5.07.0.0
CVEListV5fortinet/fortinet_fortimailFortiMail before 7.0.0

🔴Vulnerability Details

2
GHSA
GHSA-p3qq-3w96-8x5w: Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 72022-05-24
CVEList
CVE-2021-26099: Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 72021-07-12

📋Vendor Advisories

1
Fortinet
Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who...2021-07-12
CVE-2021-26099 (MEDIUM CVSS 4.9) | Missing cryptographic steps in the | cvebase.io