FortiPortal - Authentication bypass and remote code execution as root


A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application archive files using the default hard-coded Tomcat Manager username and password.
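The weakness class here is a Tomcat Manager that accepts a built-in account, which is all that is needed to deploy a WAR into the container. Two defender-side checks follow as an added example; this is not code from Fortinet or from the advisory, and it does not know the hard-coded credential itself. The first parses a `tomcat-users.xml` and lists every account holding a Manager role, which is the set an administrator would have to rotate or remove. The second scans Tomcat access-log lines for requests to the Manager deploy endpoints and then correlates the deployed context path with later requests to it. The XML fragment, the log lines, the `builtin-admin` account name and the `/x` context are all constructed sample data.

```python
"""Defender-side checks for a Tomcat Manager reachable with a built-in account.

audit_tomcat_users()           - accounts in tomcat-users.xml that hold a Manager role
find_manager_deploys()         - access-log requests to the Manager deploy/upload endpoints
requests_to_deployed_contexts() - later requests that hit a context created by such a deploy

All sample data below is constructed for illustration (placeholder account names,
RFC 5737 documentation addresses); nothing is taken from FortiPortal.
"""
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit

# Roles that allow deploying applications through the Manager app.
MANAGER_ROLES = {"manager-gui", "manager-script", "manager-jmx", "manager-status"}

# Constructed tomcat-users.xml; passwords are placeholders, never real values.
SAMPLE_TOMCAT_USERS = """<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <role rolename="app-user"/>
  <user username="builtin-admin" password="PLACEHOLDER" roles="manager-gui,manager-script"/>
  <user username="portal" password="PLACEHOLDER" roles="app-user"/>
</tomcat-users>
"""

# Constructed Tomcat AccessLogValve lines (common pattern: %h %l %u %t "%r" %s %b).
SAMPLE_ACCESS_LOG = [
    '203.0.113.7 - builtin-admin [12/Jan/2021:10:15:01 +0000] '
    '"PUT /manager/text/deploy?path=/x&update=true HTTP/1.1" 200 54',
    '203.0.113.7 - builtin-admin [12/Jan/2021:10:15:04 +0000] "GET /x/index.jsp HTTP/1.1" 200 311',
    '198.51.100.2 - - [12/Jan/2021:10:16:00 +0000] "GET /fpc/login HTTP/1.1" 200 8123',
    '203.0.113.9 - - [12/Jan/2021:10:17:30 +0000] "GET /manager/html HTTP/1.1" 401 2473',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# Manager endpoints that create a new web application from an uploaded WAR.
DEPLOY_RE = re.compile(r"^/manager/(text/deploy|html/upload|deploy)$")


def audit_tomcat_users(xml_text):
    """Return [(username, sorted manager roles)] for every account able to deploy."""
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter():
        if elem.tag.rsplit("}", 1)[-1] != "user":  # strip the XML namespace
            continue
        roles = {r.strip() for r in elem.get("roles", "").split(",") if r.strip()}
        hit = roles & MANAGER_ROLES
        if hit:
            findings.append((elem.get("username"), sorted(hit)))
    return findings


def find_manager_deploys(log_lines):
    """Return one record per request to a Manager deploy endpoint, any status code.

    For /manager/text/deploy the target context comes from the ?path= parameter.
    For /manager/html/upload it is derived from the WAR file name inside a
    multipart body, which the access log does not record, so context is None.
    """
    deploys = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("path"))
        if not DEPLOY_RE.match(parts.path):
            continue
        deploys.append({
            "ip": m.group("ip"),
            "user": m.group("user"),
            "method": m.group("method"),
            "endpoint": parts.path,
            "context": parse_qs(parts.query).get("path", [None])[0],
            "status": int(m.group("status")),
        })
    return deploys


def requests_to_deployed_contexts(log_lines, deploys):
    """Return (ip, method, path, status) for requests under a freshly deployed context.

    A deploy to the ROOT context ("/") is skipped: every request would match.
    """
    contexts = {d["context"] for d in deploys if d["context"] and d["context"] != "/"}
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = urlsplit(m.group("path")).path
        for ctx in contexts:
            if path == ctx or path.startswith(ctx.rstrip("/") + "/"):
                hits.append((m.group("ip"), m.group("method"), path, int(m.group("status"))))
    return hits


if __name__ == "__main__":
    for user, roles in audit_tomcat_users(SAMPLE_TOMCAT_USERS):
        print(f"review account {user!r}: manager roles {roles}")
    deploys = find_manager_deploys(SAMPLE_ACCESS_LOG)
    for d in deploys:
        print(f"deploy via {d['endpoint']} by {d['user']}@{d['ip']} -> {d['context']} ({d['status']})")
    for hit in requests_to_deployed_contexts(SAMPLE_ACCESS_LOG, deploys):
        print("request to deployed context:", hit)
```

Run against the real `conf/tomcat-users.xml` and the access log of an exposed instance; any account the audit lists should be one you created and can explain, and a successful deploy followed by traffic to the new context is the pattern worth an incident ticket. The 401 on `/manager/html` in the sample is deliberately not flagged: failed probes are noise here, while a 200 on a deploy endpoint is the signal.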

Affected Products

FortiPortal versions 5.2.5 and below.
FortiPortal versions 5.3.5 and below.
FortiPortal versions 6.0.4 and below.
FortiPortal 5.0.x
FortiPortal 5.1.x

Solutions

Please upgrade to FortiPortal version 5.2.6 or above.
Please upgrade to FortiPortal version 5.3.6 or above.
Please upgrade to FortiPortal version 6.0.5 or above.

Acknowledgement

Fortinet is pleased to thank Ben Knight, CyberCX New Zealand, for bringing this issue to our attention under responsible disclosure.