CVE-2021-32586

CVE Database · CVE-2021-32586

CVE-2021-32586

· HIGHModified

CVSS v3.1

7.7

EPSS

1.01%

Published

Mar 1, 2022

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Weaknesses (CWE)

CWE-20

Affected Products (5)

fortinet · fortimailvulnerable

fortinet · fortimail (up to 6.0.12)vulnerable

fortinet · fortimail (up to 6.2.8)vulnerable

fortinet · fortimail (up to 6.4.6)vulnerable

fortinet · fortimailvulnerable

References (2)

https://fortiguard.com/psirt/FG-IR-21-008

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-21-008

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs