CVE-2021-32588

Published: Aug 18, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application archive files using the default hard-coded Tomcat Manager username and password.

Affected (5)

Products: Fortinet: Fortiportal

Fortinet

1 product

Fortiportal

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiportal	From 5.0.0 to 5.0.3
Fortinet Fortiportal	From 5.1.0 to 5.1.2
Fortinet Fortiportal	From 5.2.0 to 5.2.5
Fortinet Fortiportal	From 5.3.0 to 5.3.5
Fortinet Fortiportal	From 6.0.0 to 6.0.4

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://fortiguard.com/advisory/FG-IR-21-077

Source: psirt@fortinet.com

Third Party Advisory

https://fortiguard.com/advisory/FG-IR-21-077

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.