CVE-2021-32593

CWE-327Broken Cryptographic Algorithm4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 62.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortiwanFortinet Fortinet Fortiwan
Timeline
PublishedApr 6
Latest updateApr 7

Description

A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel Protocol of FortiWAN before 4.5.9 may allow an unauthenticated remote attacker to decrypt and forge protocol communication messages.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

CVEListV5fortinet/fortinet_fortiwanFortiWAN before 4.5.9

Patches

Patch: fortiguard.comPatch: fortiguard.com

🔴Vulnerability Details

2
GHSA
GHSA-r38h-c57m-fw47: A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel Protocol of FortiWAN before 42022-04-07
CVEList
CVE-2021-32593: A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel Protocol of FortiWAN before 42022-04-06

📋Vendor Advisories

1
Fortinet
A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel Protocol of FortiWAN be...2022-04-06
CVE-2021-32593 (MEDIUM CVSS 6.5) | A use of a broken or risky cryptogr | cvebase.io