Cybersecurity specialists report the discovery of multiple vulnerabilities in FortiPortal, a self-service portal for FortiManager developed by Fortinet. According to the report, the successful exploitation of the reported flaws would allow the deployment of multiple attack variants.
Below are brief descriptions of the reported flaws, in addition to their respective identification keys and scores assigned according to the Common Vulnerability Scoring System (CVSS).
CVE-2021-32602: Improper sanitization of user input in the FortiPortal GUI allows remote threat actors to trick a target user into following a specially crafted link and achieve HTML code execution.
The flaw received a CVSS score of 5.3/10 and its successful exploitation would allow the deployment of cross-site scripting (XSS) attacks.
CVE-2021-36168: An input validation error when processing directory traversal sequences in the affected driver would allow remote users to send specially crafted HTTP requests and read arbitrary files on the system.
This vulnerability received a CVSS score of 5.7/10.
CVE-2021-32596: FortiPortal uses a very predictable hashing method for password storage, so a threat actor with access to this information could retrieve current passwords by using precomputed tables.
The flaw received a score of 5.2/10 and is considered an error of reduced severity. It is worth mentioning that this vulnerability could only be exploited locally.
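To illustrate why a predictable, unsalted hash lets anyone holding a password dump recover passwords from a precomputed table while a salted, iterated scheme does not, here is an added Python example; it is not FortiPortal code, and the legacy hash choice, the storage format and the sample password list are assumptions made for the demonstration.

```python
import hashlib
import os
import secrets

# Constructed sample list standing in for a real precomputation wordlist.
COMMON_PASSWORDS = ["password", "123456", "fortinet", "admin123", "letmein"]


def legacy_hash(password: str) -> str:
    """Assumed 'predictable' scheme: unsalted single SHA-1.
    The same password always yields the same digest, so one table
    computed in advance works against every dump that uses this scheme."""
    return hashlib.sha1(password.encode()).hexdigest()


def build_precomputed_table(candidates) -> dict:
    """Map digest -> plaintext; computed once, reused against any dump."""
    return {legacy_hash(p): p for p in candidates}


def recover_with_table(stored_hashes, table: dict) -> dict:
    """Return {digest: plaintext} for every stored value found in the table."""
    return {h: table[h] for h in stored_hashes if h in table}


def hardened_hash(password: str, salt: bytes = b"", iterations: int = 600_000) -> str:
    """Per-user random salt plus iterated PBKDF2-HMAC-SHA256.
    Stored as 'salt$iterations$digest' (assumed format)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{salt.hex()}${iterations}${digest.hex()}"


def verify_hardened(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, iters, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return secrets.compare_digest(candidate.hex(), digest_hex)
```

With the table built once, a legacy digest of any listed password is recovered instantly, whereas two hardened hashes of the same password differ and neither appears in the table.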
CVE-2021-32594: Insufficient validation during the file upload process would allow remote users to upload a malicious file and manipulate the underlying system files.
The vulnerability received a CVSS score of 4.7/10 and its exploitation could lead to the total compromise of the affected system.
CVE-2021-32590: Improper sanitization of user input would allow remote attackers to send specially crafted HTTP requests to the affected application and execute arbitrary SQL commands.
This flaw received a CVSS score of 8.5/10 and its successful exploitation would allow threat actors to execute arbitrary SQL queries to extract sensitive information.
CVE-2021-32588: The presence of a hard-coded Tomcat Manager username and password in the application code would allow remote attackers to access the affected system and execute arbitrary commands as the root user.
The vulnerability received a CVSS score of 8.7/10 and its successful exploitation would allow remote attackers to gain access to the affected system.
CVE-2021-26104: Improper validation of input in the command-line interface would allow malicious local users to execute arbitrary shell commands as the root user through specially crafted CLI command parameters.
The flaw received a CVSS score of 7.7/10 and its malicious exploitation would allow local threat actors to escalate privileges on the target system.
All detected vulnerabilities reside in the following versions of FortiPortal: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 6.0.0, 6.0.1, 6.0.2, 6.0.3, and 6.0.4.
While some of these flaws are considered critical, not all bugs are exploitable remotely by unauthenticated threat actors, greatly reducing the risk of exploitation. In addition, although no exploitation attempts have been detected in real scenarios, the flaws have already been addressed by Fortinet, so users of affected deployments are encouraged to update as soon as possible.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.