cnvd - cnvd-2021-73658

cnvd-2021-73658

Vulnerability from cnvd

Title: Fortinet FortiPortal文件上传漏洞

Description:

Fortinet FortiPortal是美国飞塔（Fortinet）公司的FortiGate、FortiWiFi和FortiAP产品线的托管安全分析和管理支持工具，可作为虚拟机供MSP使用。

Fortinet FortiPortal在6.0.0至6.0.4、5.3.0至5.3.5、5.2.0至5.2.5和4.2.2及更早版本存在文件上传漏洞，该漏洞是由于上传文件时对文件验证不足造成的。攻击者可利用漏洞上传恶意文件到系统，并篡改底层系统的文件。

Severity: 中

Formal description:

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.fortiguard.com/psirt/FG-IR-20-066

Reference: https://www.cybersecurity-help.cz/vdb/SB2021080312

Impacted products

Name
['Fortinet FortiPortal >=5.3.0，<=5.3.5', 'Fortinet FortiPortal >=5.2.0，<=5.2.5', 'Fortinet FortiPortal <=4.2.2', 'Fortinet FortiPortal >=6.0.0，<=6.0.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-32594",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-32594"
    }
  },
  "description": "Fortinet FortiPortal\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684FortiGate\u3001FortiWiFi\u548cFortiAP\u4ea7\u54c1\u7ebf\u7684\u6258\u7ba1\u5b89\u5168\u5206\u6790\u548c\u7ba1\u7406\u652f\u6301\u5de5\u5177\uff0c\u53ef\u4f5c\u4e3a\u865a\u62df\u673a\u4f9bMSP\u4f7f\u7528\u3002\n\nFortinet FortiPortal\u57286.0.0\u81f36.0.4\u30015.3.0\u81f35.3.5\u30015.2.0\u81f35.2.5\u548c4.2.2\u53ca\u66f4\u65e9\u7248\u672c\u5b58\u5728\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u4e0a\u4f20\u6587\u4ef6\u65f6\u5bf9\u6587\u4ef6\u9a8c\u8bc1\u4e0d\u8db3\u9020\u6210\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u4e0a\u4f20\u6076\u610f\u6587\u4ef6\u5230\u7cfb\u7edf\uff0c\u5e76\u7be1\u6539\u5e95\u5c42\u7cfb\u7edf\u7684\u6587\u4ef6\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.fortiguard.com/psirt/FG-IR-20-066",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-73658",
  "openTime": "2021-09-26",
  "products": {
    "product": [
      "Fortinet FortiPortal \u003e=5.3.0\uff0c\u003c=5.3.5",
      "Fortinet FortiPortal \u003e=5.2.0\uff0c\u003c=5.2.5",
      "Fortinet FortiPortal \u003c=4.2.2",
      "Fortinet FortiPortal \u003e=6.0.0\uff0c\u003c=6.0.4"
    ]
  },
  "referenceLink": "https://www.cybersecurity-help.cz/vdb/SB2021080312",
  "serverity": "\u4e2d",
  "submitTime": "2021-08-05",
  "title": "Fortinet FortiPortal\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e"
}

CVE-2021-32594 (GCVE-0-2021-32594)

Vulnerability from cvelistv5

Published

2021-08-04 13:26

Modified

2024-10-25 13:54

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:U/RC:C

CWE

Unrestricted file upload

Summary

An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to potentially tamper with the underlying system's files via the upload of specifically crafted files.

References

▼	URL	Tags
	https://fortiguard.com/advisory/FG-IR-21-092	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Fortinet	Fortinet FortiPortal	Version: FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:25:30.326Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-21-092"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-32594",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T13:58:34.138571Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:54:17.136Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to potentially tamper with the underlying system\u0027s files via the upload of specifically crafted files."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "UNAVAILABLE",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.1,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:U/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unrestricted file upload",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-04T13:26:45",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-21-092"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2021-32594",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiPortal",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to potentially tamper with the underlying system\u0027s files via the upload of specifically crafted files."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "availabilityImpact": "Low",
            "baseScore": 5.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:U/RC:C",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unrestricted file upload"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-21-092",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-21-092"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-32594",
    "datePublished": "2021-08-04T13:26:46",
    "dateReserved": "2021-05-11T00:00:00",
    "dateUpdated": "2024-10-25T13:54:17.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted