Cyber Resilience

CVE-2021-32598

Severity: Medium

Published: 05 August 2021
Modified: 21 November 2024
KEV Added: not listed
Patch: none recorded on this page
CVSS v3.1 score: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
EPSS score: 0.0014 (33.6th percentile)
Risk Priority: 9 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2021-32598 is a medium-severity vulnerability in Fortinet FortiManager and FortiAnalyzer. This page classifies it as HTTP Request/Response Smuggling (CWE-444); the vendor description characterises it as improper neutralization of CRLF sequences in HTTP headers, i.e. HTTP response splitting (CWE-113). Its CVSS v3.1 base score is 4.3 (Medium): reachable over the network with low attack complexity, requiring a low-privileged authenticated account and no user interaction, with impact limited to integrity (no confidentiality or availability impact).

Operationally, EPSS ranks it at the 33.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability in the FortiManager and FortiAnalyzer GUI, versions 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, and 5.6.11 and below, may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response.
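The mechanism the vendor text describes, as an added generic illustration of CWE-113 that is not Fortinet's code and not an exploit for these products: a hypothetical handler copies an authenticated user's parameter into a Location header without neutralizing CR/LF, so a constructed payload closes the header block and supplies its own headers and body; a hardened handler rejects the value instead. The handler, the parameter and the payload are assumptions; the parser shows what a downstream client or proxy would see.

```python
"""HTTP response splitting (CWE-113) in a reflected header, shown generically.

Added illustration for this advisory; it is not FortiManager/FortiAnalyzer
code, and the handler, parameter and payload below are assumptions.
"""
from urllib.parse import unquote

CRLF = "\r\n"


def build_response_vulnerable(redirect_target: str) -> bytes:
    """Hypothetical vulnerable handler: copies the value into Location unchecked."""
    head = CRLF.join([
        "HTTP/1.1 302 Found",
        "Location: " + redirect_target,  # no CR/LF neutralization
        "Content-Length: 0",
    ])
    return (head + CRLF + CRLF).encode("latin-1")


def build_response_fixed(redirect_target: str) -> bytes:
    """Hardened handler: refuses any header value containing CR or LF.

    Rejecting beats stripping: stripping silently alters the value and
    hides the fact that an injection was attempted.
    """
    if "\r" in redirect_target or "\n" in redirect_target:
        raise ValueError("CR/LF in header value rejected")
    head = CRLF.join([
        "HTTP/1.1 302 Found",
        "Location: " + redirect_target,
        "Content-Length: 0",
    ])
    return (head + CRLF + CRLF).encode("latin-1")


def parse_response(raw: bytes):
    """Parse one response the way a downstream client or proxy would.

    Returns (status_line, headers, body, leftover). The body is truncated to
    the declared Content-Length; the leftover bytes would be read as the
    start of the next response on the same connection.
    """
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split(CRLF)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())  # first wins
    length = int(headers.get("content-length", "0"))
    return lines[0], headers, rest[:length], rest[length:]


# Constructed attacker-supplied parameter value, URL-encoded as it would travel
# in a request; the server decodes it before building the header.
ENCODED_PARAM = (
    "/dashboard%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2025"
    "%0d%0a%0d%0a%3Cscript%3Ealert(1)%3C/script%3E"
)


def demo() -> dict:
    """Run the constructed payload through both handlers and report the outcome."""
    value = unquote(ENCODED_PARAM)

    status, headers, body, leftover = parse_response(build_response_vulnerable(value))
    try:
        build_response_fixed(value)
        rejected = False
    except ValueError:
        rejected = True
    _, safe_headers, _, _ = parse_response(build_response_fixed("/dashboard"))
    return {
        "status": status,
        "injected_headers": headers,   # attacker's Content-Type now present
        "injected_body": body,         # attacker-chosen body, 25 bytes
        "leftover": leftover,          # server's original headers, now orphaned
        "fixed_rejected": rejected,
        "safe_headers": safe_headers,
    }


if __name__ == "__main__":
    result = demo()
    print(result["status"])
    print(result["injected_headers"])
    print(result["injected_body"])
    print("fixed handler rejected payload:", result["fixed_rejected"])
```

The leftover bytes are the part that matters beyond a single reflected page: the server's own trailing headers are pushed past the attacker's declared Content-Length, so a proxy that reuses the connection may treat them as the next response. A quick check on your own applications is to send a parameter containing %0d%0a and confirm the value is rejected or appears percent-encoded, never as a new header line, in the response.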

CWE(s)

CWE-444: HTTP Request/Response Smuggling (the classification used in the summary above; the vendor description names the weakness as HTTP response splitting, CWE-113)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Fortinet FortiAnalyzer: 5.6.0 to 7.0.1
Fortinet FortiManager: 5.6.0 to 7.0.1

Read against the vulnerability details, where 7.0.0 is the latest affected 7.0 release, the upper bound 7.0.1 is exclusive.

Mitigating Controls

No mitigating controls mapped yet. Pending that mapping, the vulnerability details point to the obvious remediation: move each affected FortiManager and FortiAnalyzer instance to a release newer than the affected versions listed above. Because the issue is in the GUI and requires an authenticated remote user, limiting management-interface exposure to trusted networks reduces who can attempt it in the meantime.
