Multiple vulnerabilities in Fortinet FortiMail
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2021-26099 CVE-2021-26100 CVE-2021-24020 CVE-2021-24007 CVE-2021-24015 CVE-2021-26090 CVE-2021-26091 CVE-2021-26095 CVE-2021-24013 CVE-2021-22129 |
| CWE-ID | CWE-325 CWE-89 CWE-78 CWE-401 CWE-338 CWE-326 CWE-22 CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Fortinet FortiMail Server applications / IDS/IPS systems, Firewalls and proxy servers |
| Vendor | Fortinet, Inc |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Missing Required Cryptographic Step
EUVDB-ID: #VU54791
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26099
CWE-ID:
CWE-325 - Missing Required Cryptographic Step
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to missing cryptographic steps in FortiMail IBE. A remote attacker who comes in possession of the encrypted master keys can compromise their confidentiality by observing a few invariant properties of the ciphertext.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFortinet FortiMail: 5.0 - 6.4.4
External linkshttp://fortiguard.com/advisory/FG-IR-20-244
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Missing Required Cryptographic Step
EUVDB-ID: #VU54790
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26100
CWE-ID:
CWE-325 - Missing Required Cryptographic Step
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a missing cryptographic step in FortiMail IBE. A remote attacker who intercepts the encrypted messages can manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFortinet FortiMail: 5.0 - 6.4.4
External linkshttp://fortiguard.com/advisory/FG-IR-21-003
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Missing required cryptographic step
EUVDB-ID: #VU54787
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-24020
CWE-ID:
CWE-325 - Missing Required Cryptographic Step
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass signature verification.
The vulnerability exists due to a missing cryptographic step in the implementation of the hash digest algorithm in FortiMail. A remote non-authenticated attacker can tamper with signed URLs by appending further data which allows bypass of signature verification.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFortinet FortiMail: 6.2.0 - 6.4.4
External linkshttp://fortiguard.com/advisory/FG-IR-21-027
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) SQL injection
EUVDB-ID: #VU54784
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-24007
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote non-authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFortinet FortiMail: 5.0 - 6.4.3
External linkshttp://fortiguard.com/advisory/FG-IR-21-012
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) OS Command Injection
EUVDB-ID: #VU54779
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-24015
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in FortiMail administrative interface. A remote authenticated user can send a specially crafted HTTP request and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFortinet FortiMail: 5.0.0 - 6.4.3
External linkshttp://fortiguard.com/advisory/FG-IR-21-021
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Memory leak
EUVDB-ID: #VU54776
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26090
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in FortiMail Webmail. A remote attacker can exhaust available memory resources via specifically crafted login requests.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFortinet FortiMail: 6.4.0 - 6.4.4
External linkshttp://fortiguard.com/advisory/FG-IR-21-042
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use of cryptographically weak pseudo-random number generator (PRNG)
EUVDB-ID: #VU54775
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26091
CWE-ID:
CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to reset credentials of other users.
The vulnerability exists due to usage of weak pseudo-random number generator in the authenticator of FortiMail Identity Based Encryption service. A remote attacker can infer parts of users authentication tokens and reset their credentials.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFortinet FortiMail: 6.2.0 - 6.4.4
External linkshttp://www.fortiguard.com/psirt/FG-IR-21-031
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Inadequate encryption strength
EUVDB-ID: #VU54772
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26095
CWE-ID:
CWE-326 - Inadequate Encryption Strength
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges.
The vulnerability exists due to a combination of various cryptographic issues in the session management of FortiMail, including the encryption construction of the session cookie. A remote user with possession of a valid session cookie can decrypt it and reveal or alter its content.
Successful exploitation of the vulnerability may allow an attacker to escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsFortinet FortiMail: 6.2.0 - 6.4.4
External linkshttp://www.fortiguard.com/psirt/FG-IR-21-019
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Path traversal
EUVDB-ID: #VU54731
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-24013
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote user can send a specially crafted HTTP request and read arbitrary files on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
Install update from vendor's website.
Vulnerable software versionsFortinet FortiMail: 5.0.0 - 6.4.3
External linkshttp://fortiguard.com/advisory/FG-IR-21-014
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Buffer overflow
EUVDB-ID: #VU54728
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-22129
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to multiple boundary errors within the FortiMail Webmail and Administrative interfaces. A remote authenticated user can send a specially crafted HTTP request, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFortinet FortiMail: 5.0.0 - 6.4.4
External linkshttp://fortiguard.com/advisory/FG-IR-21-023
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
