CVE-2021-32591

MEDIUM

FortiSandbox <4.0.1, FortiWeb <6.3.12, FortiADC <6.2.1, FortiMail 7...

Title source: llm

Description

A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets.

References (1)

Core References
Patch, Vendor Advisory x_refsource_confirm
https://fortiguard.com/advisory/FG-IR-20-222

Scores

CVSS v3 5.3
EPSS 0.0039
EPSS Percentile 60.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (11)
fortinet/fortiadc 6.2.0
fortinet/fortiadc 6.2.1
fortinet/fortiadc 5.0.0 - 5.4.4
fortinet/fortimail
fortinet/fortimail 7.0.0
fortinet/fortimail 7.0.1
fortinet/fortisandbox 4.0.0
fortinet/fortisandbox 3.2.0 - 3.2.2
fortinet/fortiweb 5.9.0
fortinet/fortiweb 5.9.1
... and 1 more
Published Dec 08, 2021
Tracked Since Feb 18, 2026