CVE-2021-24020
CVE-2021-24020
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
09 Jul 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Fortinet · Fortinet FortiMailWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →