Main Vulnerability Database Vulnerabilities #VU58633

#VU58633 Missing Required Cryptographic Step in Fortinet, Inc products - CVE-2021-32591

Published: December 7, 2021

Vulnerability identifier: #VU58633

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-32591

CWE-ID: CWE-325

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FortiSandbox
FortiWeb
FortiADC

Software vendor:
Fortinet, Inc

Description

The vulnerability allows an attacker to compromise users' passwords.

The vulnerability exists due to missing cryptographic steps in the function that encrypts users' LDAP and RADIUS credentials. An attacker in possession of the password store to compromise the confidentiality of the encrypted secrets.

Remediation

Install updates from vendor's website.

External links

https://www.fortiguard.com/psirt/FG-IR-20-222

#VU58633 Missing Required Cryptographic Step in Fortinet, Inc products - CVE-2021-32591

Description

Remediation

External links

Please verify you're human