=====================================================================
            CERT-Renater Note d'Information No. 2021/VULN099
____________________________________________________________________

DATE                 : 02/03/2022
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running FortiMail versions prior to
                       7.0.1, 6.4.6, 6.2.8, 6.0.12.
=====================================================================

https://www.fortiguard.com/psirt/FG-IR-21-028
https://www.fortiguard.com/psirt/FG-IR-21-008

_____________________________________________________________________

IR Number         : FG-IR-21-028
Date              : Mar 1, 2022
CVSSv3 Score      : 9.3
CVE ID            : CVE-2021-36166
Affected Products : FortiMail: 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1,
                    6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1,
                    6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3,
                    6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.4.9, 5.4.8, 5.4.7,
                    5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.12, 5.4.11,
                    5.4.10, 5.4.1, 5.4.0

FortiMail - Administrative authentication bypass

Summary
An improper authentication vulnerability [CWE-287] in FortiMail may allow
a remote attacker to efficiently guess one administrative account's
authentication token by observing certain system properties.

Affected Products
FortiMail version 7.0.0 and below.
FortiMail version 6.4.5 and below.
FortiMail version 6.2.7 and below.
FortiMail version 6.0.11 and below.
FortiMail version 5.4.12 and below.

Solutions
Upgrade to FortiMail version 7.0.1.
Upgrade to FortiMail version 6.4.6.
Upgrade to FortiMail version 6.2.8.
Upgrade to FortiMail version 6.0.12.

Acknowledgement
Discovered and reported by Giuseppe Cocomazzi of the Fortinet Product
Security team.

_____________________________________________________________________

IR Number         : FG-IR-21-008
Date              : Mar 1, 2022
Impact            : Execute unauthorized code or commands
CVE ID            : CVE-2021-32586
Affected Products : FortiMail: 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1,
                    6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1,
                    6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3,
                    6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.4.9, 5.4.8, 5.4.7,
                    5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.12, 5.4.11,
                    5.4.10, 5.4.1, 5.4.0

FortiMail - Unsafe handling of CGI environment parameters in web server
framework

Summary
An improper input validation vulnerability [CWE-20] in the web server CGI
facilities of FortiMail may allow an unauthenticated attacker to alter the
environment of the underlying script interpreter via specifically crafted
HTTP requests.

Affected Products
FortiMail 7.0.0.
FortiMail 6.4.5 and below.
FortiMail 6.2.7 and below.
FortiMail 6.0.11 and below.
FortiMail 5.4.12 and below.

Solutions
Upgrade to FortiMail 7.0.1 or above.
Upgrade to FortiMail 6.4.6 or above.
Upgrade to FortiMail 6.2.8 or above.
Upgrade to FortiMail 6.0.12 or above.

Acknowledgement
Internally discovered and reported by Giuseppe Cocomazzi of the Fortinet
Product Security team.

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris         | email : cert@support.renater.fr +
=========================================================
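Both advisories above share the same affected and fixed version sets, so a single inventory check covers them. The following is an added example, not code from CERT-Renater or Fortinet; the inventory hostnames and versions are constructed sample data, and the branch thresholds are taken from the Solutions sections above. It compares versions numerically (6.0.11 is below 6.0.12, which a string comparison would get wrong) and flags the 5.4 branch separately, since the advisories list 5.4.x as affected but name no fixed 5.4 release.

```python
# Added example: triage a FortiMail inventory against FG-IR-21-028 / FG-IR-21-008.
# Fixed releases per branch, as listed in the advisories' Solutions sections.
FIXED_VERSIONS = {
    (7, 0): (7, 0, 1),
    (6, 4): (6, 4, 6),
    (6, 2): (6, 2, 8),
    (6, 0): (6, 0, 12),
}
# Listed as affected, but no fixed release in that branch is given.
AFFECTED_NO_FIX_BRANCHES = {(5, 4)}


def parse_version(text):
    """Turn 'major.minor.patch' into an int tuple so 6.0.11 < 6.0.12 numerically."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected FortiMail version string: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version):
    """Return (status, action) for one FortiMail version string."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED_VERSIONS:
        fixed = FIXED_VERSIONS[branch]
        if v < fixed:
            return ("vulnerable", "upgrade to " + ".".join(map(str, fixed)))
        return ("fixed", None)
    if branch in AFFECTED_NO_FIX_BRANCHES:
        # 5.4.x: the advisories give no 5.4 fix, so a branch move is required.
        return ("vulnerable", "no fixed release in this branch; move to a fixed branch")
    # Branches the advisories do not mention: do not assume they are safe.
    return ("not_listed", "verify against current vendor guidance")


def triage(inventory):
    """inventory: iterable of (hostname, version); returns sorted findings."""
    findings = [(host, ver, *assess(ver)) for host, ver in inventory]
    order = {"vulnerable": 0, "not_listed": 1, "fixed": 2}
    return sorted(findings, key=lambda f: (order[f[2]], f[0]))


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("mail-gw-01.example.test", "6.0.11"),
    ("mail-gw-02.example.test", "6.0.12"),
    ("mail-gw-03.example.test", "5.4.12"),
    ("mail-gw-04.example.test", "7.0.0"),
]

if __name__ == "__main__":
    for host, ver, status, action in triage(SAMPLE_INVENTORY):
        print(f"{host:28} {ver:8} {status:11} {action or ''}")
```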