← back
CVE-2021-32586

CVE-2021-32586

CVSS 7.7 HIGHEPSS 1.0%
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.7EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
01 Mar 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L/E:P/RL:X/RC:X
Affected products
Fortinet · Fortinet FortiMail

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://fortiguard.com/psirt/FG-IR-21-008