VAR-202204-0959
Vulnerability from variot - Updated: 2023-12-18 13:06A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel Protocol of FortiWAN before 4.5.9 may allow an unauthenticated remote attacker to decrypt and forge protocol communication messages. FortiWAN Exists in the use of cryptographic algorithms.Information may be obtained and information may be tampered with. Fortinet FortiWan is a network device of Fortinet Corporation of the United States. Used to perform load balancing and fault tolerance across different networks.
Fortinet FortiWAN versions prior to 4.5.9 have an encryption issue vulnerability that stems from the program's use of broken or risky encryption algorithms
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-0959",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortiwan",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "4.5.8"
},
{
"model": "fortiwan",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "4.5.9"
},
{
"model": "fortiwan",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortiwan",
"scope": "lt",
"trust": 0.6,
"vendor": "fortinet",
"version": "4.5.9"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47980"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009335"
},
{
"db": "NVD",
"id": "CVE-2021-32593"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiwan:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.5.8",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-32593"
}
]
},
"cve": "CVE-2021-32593",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-32593",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-47980",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-392565",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2022-009335",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-32593",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2021-32593",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2022-47980",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-2467",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-392565",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47980"
},
{
"db": "VULHUB",
"id": "VHN-392565"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009335"
},
{
"db": "NVD",
"id": "CVE-2021-32593"
},
{
"db": "NVD",
"id": "CVE-2021-32593"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2467"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel Protocol of FortiWAN before 4.5.9 may allow an unauthenticated remote attacker to decrypt and forge protocol communication messages. FortiWAN Exists in the use of cryptographic algorithms.Information may be obtained and information may be tampered with. Fortinet FortiWan is a network device of Fortinet Corporation of the United States. Used to perform load balancing and fault tolerance across different networks. \n\r\n\r\nFortinet FortiWAN versions prior to 4.5.9 have an encryption issue vulnerability that stems from the program\u0027s use of broken or risky encryption algorithms",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-32593"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009335"
},
{
"db": "CNVD",
"id": "CNVD-2022-47980"
},
{
"db": "VULHUB",
"id": "VHN-392565"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-32593",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009335",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-47980",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022040534",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2467",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-392565",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47980"
},
{
"db": "VULHUB",
"id": "VHN-392565"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009335"
},
{
"db": "NVD",
"id": "CVE-2021-32593"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2467"
}
]
},
"id": "VAR-202204-0959",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47980"
},
{
"db": "VULHUB",
"id": "VHN-392565"
}
],
"trust": 1.21145834
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47980"
}
]
},
"last_update_date": "2023-12-18T13:06:47.628000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-21-070",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/fg-ir-21-070"
},
{
"title": "Patch for Fortinet FortiWAN Encryption Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/336036"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47980"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009335"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-327",
"trust": 1.1
},
{
"problemtype": "Use of incomplete or dangerous cryptographic algorithms (CWE-327) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-392565"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009335"
},
{
"db": "NVD",
"id": "CVE-2021-32593"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://fortiguard.com/psirt/fg-ir-21-070"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32593"
},
{
"trust": 0.6,
"url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-32593"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-32593/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022040534"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47980"
},
{
"db": "VULHUB",
"id": "VHN-392565"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009335"
},
{
"db": "NVD",
"id": "CVE-2021-32593"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2467"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-47980"
},
{
"db": "VULHUB",
"id": "VHN-392565"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009335"
},
{
"db": "NVD",
"id": "CVE-2021-32593"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2467"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-47980"
},
{
"date": "2022-04-06T00:00:00",
"db": "VULHUB",
"id": "VHN-392565"
},
{
"date": "2023-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-009335"
},
{
"date": "2022-04-06T10:15:07.983000",
"db": "NVD",
"id": "CVE-2021-32593"
},
{
"date": "2022-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2467"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-47980"
},
{
"date": "2022-04-13T00:00:00",
"db": "VULHUB",
"id": "VHN-392565"
},
{
"date": "2023-08-04T04:47:00",
"db": "JVNDB",
"id": "JVNDB-2022-009335"
},
{
"date": "2022-04-13T18:59:06.550000",
"db": "NVD",
"id": "CVE-2021-32593"
},
{
"date": "2022-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2467"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2467"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FortiWAN\u00a0 Vulnerability in using cryptographic algorithms in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009335"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2467"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…