Unrated severityNVD Advisory· Published Dec 8, 2021· Updated Oct 25, 2024

CVE-2021-32591

Description

A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets.

Affected products

Fortinet/Fortiwebllm-fuzzy
Range: <6.3.12
Fortinet/Fortisandboxllm-fuzzy2 versions
<4.0.1+ 1 more
- (no CPE)range: <4.0.1
- (no CPE)range: FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier
Fortinet/FortiADCllm-fuzzy
Range: <6.2.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fortiguard.com/advisory/FG-IR-20-222mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000