FortiPortal - Unrestricted file upload vulnerability
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-21-092
Final
1
1
2021-08-03T00:00:00
Current version
2021-08-03T00:00:00
2021-08-03T00:00:00
An unrestricted file upload vulnerability (CWE-434) in the web interface of FortiPortal may allow a low-privileged user to tamper with the underlying system's files by uploading specially crafted files.
Improper access control
FortiPortal 6.0.4 and below. FortiPortal 5.3.5 and below. FortiPortal 5.2.5 and below. FortiPortal 5.1.2 and below. FortiPortal 5.0.3 and below. FortiPortal 4.2.4 and below. FortiPortal 4.1.2 and below. FortiPortal 4.0.4 and below.
Upgrade to FortiPortal 6.0.5 or above. Upgrade to FortiPortal 5.3.6 or above. Upgrade to FortiPortal 5.2.6 or above. Fix for versions 5.1, 5.0, 4.2, 4.1, 4.0 and 3.2 to be confirmed.
Discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team.
FortiPortal 6.0.4
FortiPortal 6.0.3
FortiPortal 6.0.2
FortiPortal 6.0.1
FortiPortal 6.0.0
FortiPortal 5.3.5
FortiPortal 5.3.4
FortiPortal 5.3.3
FortiPortal 5.3.2
FortiPortal 5.3.1
FortiPortal 5.3.0
FortiPortal 5.2.5
FortiPortal 5.2.4
FortiPortal 5.2.3
FortiPortal 5.2.2
FortiPortal 5.2.1
FortiPortal 5.2.0
FortiPortal 5.1.2
FortiPortal 5.1.1
FortiPortal 5.1.0
FortiPortal 5.0.3
FortiPortal 5.0.2
FortiPortal 5.0.1
FortiPortal 5.0.0
FortiPortal 4.2.2
FortiPortal 4.2.1
FortiPortal 4.1.2
FortiPortal 4.1.1
FortiPortal 4.1.0
FortiPortal 4.0.4
FortiPortal 4.0.3
FortiPortal 4.0.2
FortiPortal 4.0.1
FortiPortal 4.0.0
CVE-2021-32594
5.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:U/RC:C
https://fortiguard.fortinet.com/psirt/FG-IR-21-092