CVE-2021-32586

An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests.

Published: Mar 1, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-32586
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
fortinet / fortimail	-	5.4.12.x
fortinet / fortimail	7.0.0	7.0.0.x
fortinet / fortimail	6.4.0	6.4.6
fortinet / fortimail	6.2.0	6.2.8
fortinet / fortimail	6.0.0	6.0.12

https://fortiguard.com/psirt/FG-IR-21-008

Vulnerability Database

289,784

CVE-2021-32586