CVE-2021-32598
Published: 05 August 2021
Summary
CVE-2021-32598 is a medium-severity HTTP Request/Response Smuggling (CWE-444) vulnerability in Fortinet FortiAnalyzer. Its CVSS base score is 4.3 (Medium).
Operationally, it ranks at the 33.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-19438
Vulnerability details
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability in FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.