cbcvebase.
CVE-2021-32591
published 2021-12-08

CVE-2021-32591: A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before…

medium5.3CVSS 3.1
AVNACHPRLUINSUCHINAN
A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets.

Affected

26 ranges· showing 25
VendorProductVersion rangeFixed in
fortinetfortiadc
fortinetfortiadc
fortinetfortiadc
fortinetfortiadc5.0.0 – 5.4.4
fortinetfortiadc6.0.0 – 6.0.3
fortinetfortiadc6.1.0 – 6.1.3
fortinetfortimail
fortinetfortimail
fortinetfortimail
fortinetfortimail5.0 – 5.6.3
fortinetfortimail6.0.0 – 6.0.11
fortinetfortimail6.2.0 – 6.2.7
fortinetfortimail6.4.0 – 6.4.5
fortinetfortinet_fortisandbox
fortinetfortisandbox
fortinetfortisandbox
fortinetfortisandbox3.2.0 – 3.2.2
fortinetfortiweb
fortinetfortiweb
fortinetfortiweb
fortinetfortiweb5.7.0 – 5.7.3
fortinetfortiweb5.8.0 – 5.8.7
fortinetfortiweb6.0.0 – 6.0.7
fortinetfortiweb6.1.0 – 6.1.2
fortinetfortiweb6.2.0 – 6.2.4