CVE-2021-24020

Published: Jul 9, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification.

Affected (2)

Products: Fortinet: Fortimail

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortimail	From 6.2.0 to 6.2.7
Fortinet Fortimail	From 6.4.0 to 6.4.5

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (2)

https://fortiguard.com/advisory/FG-IR-21-027

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/advisory/FG-IR-21-027

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.