mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-07 13:36:56 +00:00
{
"id": "CVE-2021-32591",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2021-12-08T12:15:07.737",
"lastModified": "2021-12-10T22:35:33.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets."
},
{
"lang": "es",
"value": "Una vulnerabilidad de pasos criptogr\u00e1ficos faltantes en la funci\u00f3n que cifra las credenciales LDAP y RADIUS de los usuarios en FortiSandbox versiones anteriores a 4.0.1, FortiWeb versiones anteriores a 6.3.12, FortiADC versiones anteriores a 6.2.1, FortiMail 7.0.1 y anteriores puede permitir que un atacante en posesi\u00f3n del almac\u00e9n de contrase\u00f1as comprometa la confidencialidad de los secretos cifrados"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6
},
"baseSeverity": "LOW",
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.4.4",
"matchCriteriaId": "23AD5C87-6555-4936-A1B8-8229C1F53F72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.3",
"matchCriteriaId": "7B938B6E-915F-42F4-B602-0CDF63E1F9BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.0",
"versionEndIncluding": "6.1.3",
"matchCriteriaId": "5B3575EF-BFB5-4E8C-ACC2-878CB403503D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCDF60B5-A0BE-41F6-A0D5-53526A7BBAE1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B42E0536-4831-4A6B-AC0B-C7AE3CDE3834"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87F1A94F-C3C5-4F33-9BA3-70BC3ABED4C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0",
"versionEndIncluding": "5.6.3",
"matchCriteriaId": "D00B438D-B50E-4F68-ABCC-5F76108492A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.11",
"matchCriteriaId": "F19CA06C-67C2-423E-8E65-4502A06EB667"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndIncluding": "6.2.7",
"matchCriteriaId": "72F6AEF1-C5BF-4A9A-A843-A152AA168085"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.5",
"matchCriteriaId": "07883AF7-1C60-43C9-8D98-CCF2B20C3B13"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15993051-6D79-4D59-B43D-EE3DA539AA18"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77F5A17F-E5C0-47EB-AB34-4084943C3143"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.0",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "A82C2CB9-6C03-4ADC-93AF-C5798EFA6246"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortisandbox:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0260B512-77CA-4FE8-A039-D7B287A19BAA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.7.0",
"versionEndIncluding": "5.7.3",
"matchCriteriaId": "3CAE0CA7-074F-43AD-B8F7-502596CBFF20"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.8.0",
"versionEndIncluding": "5.8.7",
"matchCriteriaId": "E2AB0971-D9B6-42A6-BB8B-9CEA66F6609A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.7",
"matchCriteriaId": "C5931460-A0F1-4BED-ADEF-A48602EA747C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.0",
"versionEndIncluding": "6.1.2",
"matchCriteriaId": "9B028C2F-34F0-44D2-B6D7-A7024E82801F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndIncluding": "6.2.4",
"matchCriteriaId": "B97AB280-E267-4ED4-B3D8-ABEB65A3353A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3.0",
"versionEndIncluding": "6.3.11",
"matchCriteriaId": "1D2C6405-1C59-4E4F-9999-B9E4A259340A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiweb:5.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E06648CF-D92B-4A29-8600-FFFFC84AA435"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiweb:5.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00331438-9892-4210-B85A-E88382018927"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/advisory/FG-IR-20-222",
"source": "psirt@fortinet.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
} |